From owner-freebsd-net@freebsd.org Sun Jun 26 00:13:19 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A6B48A79472 for ; Sun, 26 Jun 2016 00:13:19 +0000 (UTC) (envelope-from asomers@gmail.com) Received: from mail-oi0-x22d.google.com (mail-oi0-x22d.google.com [IPv6:2607:f8b0:4003:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6D5681EE7 for ; Sun, 26 Jun 2016 00:13:19 +0000 (UTC) (envelope-from asomers@gmail.com) Received: by mail-oi0-x22d.google.com with SMTP id s66so159996881oif.1 for ; Sat, 25 Jun 2016 17:13:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=TPNCsbSyjkLs68lPl0noUN0XrM7O0cLNoBVB83lJczI=; b=AcOjw1ThIpg3oG+OE6OxH+p1aHyBi3tmgWChuS7I4zwKV6XcdaD8jMC7gEUYTTtFHb fy6phM3IUWyAlSssminw4fQ/piF5vSTpn5MSjJtevPzSKi2uiHQiKPVVliNC52BT2UXO pnUXNrU7QEalTXl9MNwnAA+9yvuYZMfAcwpoqmcQ91KrNZiXKP0D5D5O5rpLzeXYUdQ2 OqX1GhRl9K3dw7TAFrpQbySVGPhF130lz3hm6QHOkTHF9GoJpRyoDlVz7obyu1rXGxT7 OQuou7l5roXYt2HSvmDqSGVzMiOa5Jn2FCYtJWId2MxFcDI7B+J0d4WNt9iJcNKNkpiq s0Kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=TPNCsbSyjkLs68lPl0noUN0XrM7O0cLNoBVB83lJczI=; b=ZEhjRHZSRHDpv03Auey08xYUdU6aVRfjc1sFjFN6Zl5LUblXpDTJY2dd4LcZfBLcHk 3OpW987nwiHD+ra1p+507A/1EMmtPLgw7Mh/yoxh+mmAPrFv2wYkiEDH4Xnq3LPHjCk6 zfSmrgy/9oZoBitHMfM8rrBHIvXzvsrr6q3ZK0nPSjhHMzL3zOPy8uS7hgTmzpkCdNnT tCFiTR9kHw95K/PGmIS1Ew+GPiK4s3Eknnt8O7J3vHxgIN9ZegsOPIwimjd8Oz+YogTK 95FktopEgZHcedfFJPo+wuoa0xrOK6SHi+gv0b8Q86FrzKK4Wy1W0J5qaMYV8cqFWXnW fE6Q== X-Gm-Message-State: ALyK8tIIXIZAJn2hln4A6GtK8Ps8tBv4pdWWqqXf0El0ZY/yA88VsCjy+lZ3DCYNJ6uvc+k2ZVMv19bq4hzDNA== X-Received: by 10.202.224.136 with SMTP id x130mr7419406oig.105.1466899998606; Sat, 25 Jun 2016 17:13:18 -0700 (PDT) MIME-Version: 1.0 Sender: asomers@gmail.com Received: by 10.202.168.149 with HTTP; Sat, 25 Jun 2016 17:13:18 -0700 (PDT) In-Reply-To: <20160625220551.646eccb6@copperhead.int.arc7.info> References: <20160625164240.7cea7587@copperhead.int.arc7.info> <20160625234636.2f086908@x23> <20160625220551.646eccb6@copperhead.int.arc7.info> From: Alan Somers Date: Sat, 25 Jun 2016 18:13:18 -0600 X-Google-Sender-Auth: viZTBTYtLaxBEZ9WUcQhBxbrqz4 Message-ID: Subject: Re: ifconfig: BRDGADD lo1: invalid argument To: org.freebsd.security@io7m.com Cc: Marko Zec , FreeBSD Net Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jun 2016 00:13:19 -0000 On Sat, Jun 25, 2016 at 4:05 PM, wrote: > Hello! > > On 2016-06-25T23:46:36 +0200 > Marko Zec wrote: >> >> if_bridge(4) works only with ethernet interfaces, and lo(4) isn't such a >> thing. > > Has this always been the case? I'm almost certain that I set up jails > with extra loopback devices that communicated over bridges back in the > FreeBSD 6 days. > >> Assuming you are using vnet jails, take a look at if_epair(4): assign >> one endpoint to the bridge, and the another one to the jail. > > I'm not using vnet jails. I'm actually just trying to get filtering of > outbound traffic (see the other mail I sent to this list a few seconds > before you responded). Based on my experience, I highly recommend vnet jails if you want outbound filtering. It's much simpler than trying to filter outbound traffic from shared-IP jails. > >> If you're not using vnet jails, you should simply add an alias address >> to em0. > > Could you explain a little more here? > > M > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@freebsd.org Sun Jun 26 02:32:14 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 65152B7321D for ; Sun, 26 Jun 2016 02:32:14 +0000 (UTC) (envelope-from James@Lodge.me.uk) Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0137.outbound.protection.outlook.com [157.56.112.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT SSL SHA2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BABD71BA2 for ; Sun, 26 Jun 2016 02:32:12 +0000 (UTC) (envelope-from James@Lodge.me.uk) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gavinlodge.onmicrosoft.com; s=selector1-Lodge-me-uk; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=S9eVB76aGmFyajcFYXv2e7k6SkIkRtFbohGrvZV29D4=; b=WAYSM3ZdldMyBUGZZ7q4E+g7Abprk9xavHmuvXFSzwxYNidVixZZE0kxt7vkt2fnphMPwujYwTXug3fGII/ACpGJSTDVSPyyz395F7wXujoMU58mcnZ5iQZdS6YOAF/PsqIFrsFzS8urbOo4msSiLiMFNA6Rm1Po/W2TMM/okN0= Received: from DB5PR06MB1718.eurprd06.prod.outlook.com (10.165.213.16) by DB5PR06MB1718.eurprd06.prod.outlook.com (10.165.213.16) with Microsoft SMTP Server (TLS) id 15.1.528.8; Sun, 26 Jun 2016 02:32:04 +0000 Received: from DB5PR06MB1718.eurprd06.prod.outlook.com ([10.165.213.16]) by DB5PR06MB1718.eurprd06.prod.outlook.com ([10.165.213.16]) with mapi id 15.01.0528.014; Sun, 26 Jun 2016 02:32:04 +0000 From: James Lodge To: "org.freebsd.security@io7m.com" CC: "freebsd-net@freebsd.org" Subject: Re: Filtering outbound traffic for private address jails? Thread-Topic: Filtering outbound traffic for private address jails? Thread-Index: AQHRzy5kidDlXJVON0eMaGq8Ct2cf5/7B32N Date: Sun, 26 Jun 2016 02:32:04 +0000 Message-ID: References: <20160625220137.1ed8de16@copperhead.int.arc7.info> In-Reply-To: <20160625220137.1ed8de16@copperhead.int.arc7.info> Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=James@Lodge.me.uk; x-originating-ip: [213.205.198.133] x-ms-office365-filtering-correlation-id: d89105a3-39e2-4170-e63e-08d39d6a0fc3 x-microsoft-exchange-diagnostics: 1; DB5PR06MB1718; 6:cBiE9xTBiYhW70BDU5pACFpkwzd/15XiC86EEX5LoVw0zYAkNQqfB1VmDqUd5+QacLGnj7iSrhI47bgabt4BUH6H6ykT2/+dzHFHPLwAvHHjCVojRIPW2y6i4aS7uJmAUZnhUSmion0h7LOhLfsNWxSxNjPd8eLHZcimBctC77in0yF/3sQEsWGFwx1ymBdobdCHUy0MXtSk/TvKKxteO+sdgN+6D2qInKCddQWo+wdEMfwaYe0/RSditX9opOFduy181rmaPrF6z9wt7ruCLsi9ihcu4+23Dk6h/YK4JhO5hegG/llupF94Q05IMTob; 5:yK60g0R3SWbxNhujilAHpyUnVswQWft0nnSTFOF+zRcwcQrgWA4x1qelGF4aQLTmDpPNJLblyOJ8KD2BdqmEqrV1MrmQcAjTnmtLl/0EEIufH2drN6VOzRw/38lciX1uvLR1gi5hs+Er5H/24N9N2A==; 24:xPc35VIQ4d6QE577E0zY2XgRytgT8WmHRQ8G+rStWSjZ0xk6RSE3NO0aAiOKGfMGDhc1pGOXyF0mlQbh21L8WormWb1R7/jBwkPZUY9UT8A=; 7:KTWj1bQRO+UZN0s9bgTUoCDSwb5Mspb/34G9uiVMIJ28XV+CcEOtw8Ihqp3JYbx81QkxMyDmAYC17e6eu8nt9H7HXOrMq1PwUmtp5EGWwmhFkl0bX/lsmSu64SjgyfvnxBPn6ti1roBTwUmIa7PQGWZ5U+357AVV7FerN++SbOq9IvRmWyhDxfv/SUUJK5bVfESDcvYylNZ9H5Ayw9e3cpm2g9Ny4yjfsuOLNzRX5jxpo26U/FkpOl7jNkBzzvN9 x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DB5PR06MB1718; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(209352067349851)(75325880899374); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040130)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6041072)(6043046); SRVR:DB5PR06MB1718; BCL:0; PCL:0; RULEID:; SRVR:DB5PR06MB1718; x-forefront-prvs: 0985DA2459 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(24454002)(189002)(199003)(105586002)(82746002)(2501003)(77096005)(19580405001)(50986999)(19580395003)(54356999)(76176999)(15975445007)(106356001)(33656002)(3660700001)(83716003)(16236675004)(5003630100001)(3280700002)(2906002)(2900100001)(2950100001)(189998001)(5002640100001)(19617315012)(66066001)(92566002)(68736007)(5640700001)(81156014)(8676002)(86362001)(4326007)(586003)(3846002)(11100500001)(102836003)(6116002)(81166006)(8936002)(80792005)(2351001)(106116001)(36756003)(10400500002)(7736002)(122556002)(74482002)(110136002)(7906003)(87936001)(101416001)(97736004)(7846002)(104396002); DIR:OUT; SFP:1102; SCL:1; SRVR:DB5PR06MB1718; H:DB5PR06MB1718.eurprd06.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: Lodge.me.uk does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: Lodge.me.uk X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jun 2016 02:32:04.3480 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: ded56ae9-7c77-4cf6-bbfd-39e6a505742d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR06MB1718 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jun 2016 02:32:14 -0000 Sent from my iPhone On 25 Jun 2016, at 23:10, "org.freebsd.security@io7m.com" > wrote: Hello. I have been searching for the best part of a day for a solution to this problem and quite frankly cannot believe that I've spent this long on something that appears to be so simple and that used to be fairly easy to achieve. Many years ago, I solved this problem on FreeBSD 6, but the way I did it there seems to no longer work on modern releases. The problem is this: I have a single public IP address. I want to run multiple jails. Back in the days of FreeBSD 6.*, the accepted way to do this seemed to be to create a new loopback device: # ifconfig lo1 create ... and then add a lot of private 127.0.0.* addresses, one per jail. Then, the real network adapter and the new loopback device were both added to a bridge (if_bridge). Unfortunately, I can't remember the exact details, but I believe that NAT was then enabled on the real interface. In order to filter traffic to, from, and between jails, pf rules were written that filtered the bridge device. This meant that jails could correctly send outbound traffic and receive responses (via pf states), could correctly receive specific inbound traffic (via rdr rules), and traffic in both directions could be filtered based on packets entering and leaving the bridge. However (see my other mailing list post), it seems that now with FreeBSD 10, you just can't add loopback devices to bridges. I can find no evidence of anyone online doing this, or even using the old bridge method that I just described! I can find one post in russian that seems to have the same error that I encounter, but nobody has any idea why it's happening. I can find dozens of blog posts describing how to set up jails on private IP addresses. They all follow the same pattern: 1. Create a loopback device. 2. Create a 127.0.0.* address on the loopback device. 3. Create a jail using the address you just added. 4. Set up pf and enable NAT between the real network adapter and the new loopback device. Unfortunately, at this point, you completely lose the ability to filter outbound jail traffic; All packets sent from a jail will obviously have their source address changed to that of the host and therefore it's not possible to distinguish between outbound host traffic and outbound jail traffic in filter rules. As far as I can tell, people are just not filtering outbound traffic, which seems insane! Is it really impossible to do this with FreeBSD 10? M _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" If you clone lo1, give it a 192.168.x.x/32 IP and then use the following pf= .conf Do you need to bridge the interfaces? You may need to add gateway_enable=3D= "YES" to rc.conf Not sure if that's what you're trying to do? James IP_PUB=3D"Your Public IP Address Here" IP_JAIL=3D"192.168.0.2" NET_JAIL=3D"192.168.0.0/24" PORT_JAIL=3D"{80,443,2020}" scrub in all nat pass on em0 from $NET_JAIL to any -> $IP_PUB rdr pass on em0 proto tcp from any to $IP_PUB port $PORT_WWW -> $IP_JAIL From owner-freebsd-net@freebsd.org Sun Jun 26 09:38:16 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2DFEFB80932 for ; Sun, 26 Jun 2016 09:38:16 +0000 (UTC) (envelope-from org.freebsd.security@io7m.com) Received: from nov-007-i540.relay.mailchannels.net (nov-007-i540.relay.mailchannels.net [46.232.183.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 359AB11AD; Sun, 26 Jun 2016 09:38:11 +0000 (UTC) (envelope-from org.freebsd.security@io7m.com) X-Sender-Id: _forwarded-from|212.69.61.187 Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id DF5FB120259; Sun, 26 Jun 2016 09:38:05 +0000 (UTC) Received: from bs3-dallas.accountservergroup.com (ip-10-213-14-133.us-west-2.compute.internal [10.213.14.133]) by relay.mailchannels.net (Postfix) with ESMTPA id 565C2120356; Sun, 26 Jun 2016 09:38:05 +0000 (UTC) X-Sender-Id: _forwarded-from|212.69.61.187 Received: from bs3-dallas.accountservergroup.com (bs3-dallas.accountservergroup.com [10.107.128.240]) (using TLSv1 with cipher DHE-RSA-AES256-SHA) by 0.0.0.0:2500 (trex/5.6.15); Sun, 26 Jun 2016 09:38:05 +0000 X-MC-Relay: Forwarding X-MailChannels-SenderId: _forwarded-from|212.69.61.187 X-MailChannels-Auth-Id: wwwh X-MC-Loop-Signature: 1466933885594:1694019265 X-MC-Ingress-Time: 1466933885594 Received: from cust187-dsl61.idnet.net ([212.69.61.187]:63267 helo=copperhead.int.arc7.info) by bs3-dallas.accountservergroup.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.87) (envelope-from ) id 1bH6Vo-000FC5-Gq; Sun, 26 Jun 2016 04:37:56 -0500 Date: Sun, 26 Jun 2016 09:37:54 +0000 From: To: Alan Somers Cc: FreeBSD Net Subject: Re: ifconfig: BRDGADD lo1: invalid argument Message-ID: <20160626093754.5e534ff4@copperhead.int.arc7.info> In-Reply-To: References: <20160625164240.7cea7587@copperhead.int.arc7.info> <20160625234636.2f086908@x23> <20160625220551.646eccb6@copperhead.int.arc7.info> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-PopBeforeSMTPSenders: org.mesa3d.mesa-users@io7m.com, net.java@io7m.com, com.io7m.lists@io7m.com, org.codehaus.mojo@io7m.com, com.meetup@io7m.com, org.archlinux@io7m.com, com.steampowered@io7m.com, com.blendswap@io7m.com, org.opengl@io7m.com, legalandgeneral@io7m.com, org.freedesktop@io7m.com, org.jogamp@io7m.com, org.junit@io7m.com, org.apache.maven.user@io7m.com, org.sonatype@io7m.com, org.dyn4j@io7m.com, com.creative.opensource.openal@io7m.com, org.fossil-scm.fossil-users@io7m.com, github@io7m.com, code@io7m.com, contact@io7m.com, mark-ext@io7m.com, mark@io7m.com, io.github.lmax-exchange@io7m.com, com.the-blueprints@io7m.com, com.dropbox@io7m.com, com.rockstargames@io7m.com, org.openjdk@io7m.com, com.myfitnesspal@io7m.com, org.codehaus@io7m.com, org.readium@io7m.com, org.khanacademy@io7m.com, com.nexusmods@io7m.com, io.github.apitrace@io7m.com, com.apple@io7m.com, org.apache.commons@io7m.com, org.freebsd.security@io7m.com, com.stronglifts@io7m.com, com.carpediemkravmaga@io7m.com, uk.co.discountsupplements@io7m.com, co m.skype@io7m.com, com.goodhempnutrition@io7m.com, org.jgrapht@io7m.com, com.google@io7m.com, android-developers@io7m.com, org.mapdb@io7m.com, com.jetbrains@io7m.com, org.eclipse@io7m.com, com.slack@io7m.com, net.openvpn@io7m.com, nu.xom@io7m.com, de.jflex.users@io7m.com, org.freesound@io7m.com, org.blender@io7m.com, com.bugsnag@io7m.com, com.git-scm@io7m.com X-AuthUser: X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jun 2016 09:38:16 -0000 Hello. On 2016-06-25T18:13:18 -0600 Alan Somers wrote: > On Sat, Jun 25, 2016 at 4:05 PM, wrote: > > I'm not using vnet jails. I'm actually just trying to get filtering of > > outbound traffic (see the other mail I sent to this list a few seconds > > before you responded). > > Based on my experience, I highly recommend vnet jails if you want > outbound filtering. It's much simpler than trying to filter outbound > traffic from shared-IP jails. I'm trying to look at vnet jails, but they still seem to be mostly undocumented and not entirely supported. Lots of fairly recent posts online regarding panics in day-to-day use. Using them in production seems risky. Is there something I should be looking at in particular? When you say shared-IP jails, what exactly are you referring to? I'm not sure what's shared in this case; I have one public IP (it's a VPS) but individual jails are on their own private loopback addresses. M From owner-freebsd-net@freebsd.org Sun Jun 26 10:02:42 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 64C13A7905E for ; Sun, 26 Jun 2016 10:02:42 +0000 (UTC) (envelope-from org.freebsd.security@io7m.com) Received: from jackal.cherry.relay.mailchannels.net (jackal.cherry.relay.mailchannels.net [23.83.223.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5C39A1E1B; Sun, 26 Jun 2016 10:02:38 +0000 (UTC) (envelope-from org.freebsd.security@io7m.com) X-Sender-Id: _forwarded-from|212.69.61.187 Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 427CA123370; Sun, 26 Jun 2016 09:45:28 +0000 (UTC) Received: from bs3-dallas.accountservergroup.com (ip-10-213-14-133.us-west-2.compute.internal [10.213.14.133]) by relay.mailchannels.net (Postfix) with ESMTPA id B04B71237E3; Sun, 26 Jun 2016 09:45:27 +0000 (UTC) X-Sender-Id: _forwarded-from|212.69.61.187 Received: from bs3-dallas.accountservergroup.com (bs3-dallas.accountservergroup.com [10.91.5.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA) by 0.0.0.0:2500 (trex/5.6.15); Sun, 26 Jun 2016 09:45:28 +0000 X-MC-Relay: Forwarding X-MailChannels-SenderId: _forwarded-from|212.69.61.187 X-MailChannels-Auth-Id: wwwh X-MC-Loop-Signature: 1466934327949:3781415982 X-MC-Ingress-Time: 1466934327949 Received: from cust187-dsl61.idnet.net ([212.69.61.187]:62760 helo=copperhead.int.arc7.info) by bs3-dallas.accountservergroup.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.87) (envelope-from ) id 1bH6d4-000Gd5-Qs; Sun, 26 Jun 2016 04:45:26 -0500 Date: Sun, 26 Jun 2016 09:45:25 +0000 From: To: freebsd-net@freebsd.org Cc: Alan Somers Subject: Re: Filtering outbound traffic for private address jails? Message-ID: <20160626094525.0d8254aa@copperhead.int.arc7.info> In-Reply-To: References: <20160625220137.1ed8de16@copperhead.int.arc7.info> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-PopBeforeSMTPSenders: io.github.lmax-exchange@io7m.com, com.the-blueprints@io7m.com, com.dropbox@io7m.com, com.rockstargames@io7m.com, org.openjdk@io7m.com, com.git-scm@io7m.com, com.bugsnag@io7m.com, com.jetbrains@io7m.com, com.apple@io7m.com, org.readium@io7m.com, com.google@io7m.com, com.slack@io7m.com, android-developers@io7m.com, com.skype@io7m.com, com.nexusmods@io7m.com, com.carpediemkravmaga@io7m.com, com.myfitnesspal@io7m.com, com.stronglifts@io7m.com, uk.co.discountsupplements@io7m.com, org.khanacademy@io7m.com, com.goodhempnutrition@io7m.com, org.freesound@io7m.com, org.mapdb@io7m.com, io.github.apitrace@io7m.com, org.codehaus@io7m.com, nu.xom@io7m.com, org.blender@io7m.com, org.jgrapht@io7m.com, org.eclipse@io7m.com, net.openvpn@io7m.com, org.freebsd.security@io7m.com, org.apache.commons@io7m.com, de.jflex.users@io7m.com, org.mesa3d.mesa-users@io7m.com, net.java@io7m.com, com.io7m.lists@io7m.com, org.codehaus.mojo@io7m.com, com.meetup@io7m.com, org.archlinux@io7m.com, com.steampowered@io7m.com, com.blendswap@ io7m.com, org.opengl@io7m.com, legalandgeneral@io7m.com, org.freedesktop@io7m.com, org.jogamp@io7m.com, org.junit@io7m.com, org.apache.maven.user@io7m.com, org.sonatype@io7m.com, org.dyn4j@io7m.com, com.creative.opensource.openal@io7m.com, org.fossil-scm.fossil-users@io7m.com, github@io7m.com, code@io7m.com, contact@io7m.com, mark-ext@io7m.com, mark@io7m.com X-AuthUser: X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jun 2016 10:02:42 -0000 Hello. On 2016-06-25T17:17:53 -0600 Alan Somers wrote: > > I'm filtering outbound traffic, but I'm not using NAT on the jail > host. Instead, I have a dedicated router doing NAT, and my jail host > has multiple IP addresses. At first I tried using traditional > shared-address jails, but the firewall rules quickly got very > complicated, especially for dealing with IPv6 and other non-IPv4 > traffic. So I switched to using vimage jails. I use iocage to setup > my jails, and pf to filter them. A simplified version of my pf.conf > follows: As far as I'm aware, I cannot do this. I'm using a VPS that gives me exactly one public IP address. If I want multiple addresses, they have to be private addresses (on loopback, or possibly via something like vnet) and I have to use some sort of software solution to expose them to the outside world (and filter in/out). > www_services = "{ http, https, 8080 }" > host_iface = "em0" > dmz_iface = "em1" > www_jail_iface = "vnet0:1" > www_ip = "192.168.0.40" > set state-policy if-bound > > scrub in > block in all > block out all > > pass in on $host_iface > pass out on $host_iface > set skip on lo0 > > # Allow all traffic to the DMZ. Filtering happens on individual vnet > # interfaces > pass in on $dmz_iface > pass out on $dmz_iface > > # Put the www jail in a DMZ. Don't allow outgoing traffic from it except for > # the webserver > pass out on $www_jail_iface proto tcp to $www_ip port $www_services keep state > # Uncomment next line to allow outbound traffice from www jail > # pass in on $www_jail_iface I'm not sure I fully understand. $host_iface and $dmz_iface are real physical NICs? $www_jail_iface obviously isn't. I understand how $dmz_iface and $www_jail_iface interact: Packets sent from the jail are incoming on $www_jail_iface and outbound on $dmz_iface, but how is $host_iface involved? M From owner-freebsd-net@freebsd.org Sun Jun 26 10:06:52 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 55A48A791C9 for ; Sun, 26 Jun 2016 10:06:52 +0000 (UTC) (envelope-from org.freebsd.security@io7m.com) Received: from beige.tulip.relay.mailchannels.net (beige.tulip.relay.mailchannels.net [23.83.218.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0E0031F8A for ; Sun, 26 Jun 2016 10:06:50 +0000 (UTC) (envelope-from org.freebsd.security@io7m.com) X-Sender-Id: _forwarded-from|212.69.61.187 Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 51890123DFE for ; Sun, 26 Jun 2016 10:06:46 +0000 (UTC) Received: from bs3-dallas.accountservergroup.com (ip-10-37-2-55.us-west-2.compute.internal [10.37.2.55]) by relay.mailchannels.net (Postfix) with ESMTPA id D5777123DC3 for ; Sun, 26 Jun 2016 10:06:45 +0000 (UTC) X-Sender-Id: _forwarded-from|212.69.61.187 Received: from bs3-dallas.accountservergroup.com (bs3-dallas.accountservergroup.com [10.21.150.52]) (using TLSv1 with cipher DHE-RSA-AES256-SHA) by 0.0.0.0:2500 (trex/5.6.15); Sun, 26 Jun 2016 10:06:46 +0000 X-MC-Relay: Forwarding X-MailChannels-SenderId: _forwarded-from|212.69.61.187 X-MailChannels-Auth-Id: wwwh X-MC-Loop-Signature: 1466935606044:3262865481 X-MC-Ingress-Time: 1466935606043 Received: from cust187-dsl61.idnet.net ([212.69.61.187]:54487 helo=copperhead.int.arc7.info) by bs3-dallas.accountservergroup.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.87) (envelope-from ) id 1bH6xg-0003qU-UT for freebsd-net@freebsd.org; Sun, 26 Jun 2016 05:06:45 -0500 Date: Sun, 26 Jun 2016 10:06:43 +0000 From: To: freebsd-net@freebsd.org Subject: Re: Filtering outbound traffic for private address jails? Message-ID: <20160626100643.7a1f650e@copperhead.int.arc7.info> In-Reply-To: References: <20160625220137.1ed8de16@copperhead.int.arc7.info> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-PopBeforeSMTPSenders: com.rockstargames@io7m.com, com.myfitnesspal@io7m.com, com.git-scm@io7m.com, org.codehaus@io7m.com, io.github.lmax-exchange@io7m.com, com.meetup@io7m.com, org.readium@io7m.com, org.khanacademy@io7m.com, com.nexusmods@io7m.com, io.github.apitrace@io7m.com, com.apple@io7m.com, org.apache.commons@io7m.com, org.freebsd.security@io7m.com, com.stronglifts@io7m.com, com.carpediemkravmaga@io7m.com, uk.co.discountsupplements@io7m.com, com.the-blueprints@io7m.com, org.codehaus.mojo@io7m.com, com.skype@io7m.com, com.goodhempnutrition@io7m.com, net.java@io7m.com, com.dropbox@io7m.com, com.io7m.lists@io7m.com, org.openjdk@io7m.com, org.jgrapht@io7m.com, com.google@io7m.com, android-developers@io7m.com, org.opengl@io7m.com, org.mapdb@io7m.com, com.jetbrains@io7m.com, org.eclipse@io7m.com, com.slack@io7m.com, net.openvpn@io7m.com, nu.xom@io7m.com, de.jflex.users@io7m.com, com.blendswap@io7m.com, org.archlinux@io7m.com, com.steampowered@io7m.com, org.mesa3d.mesa-users@io7m.com, org.freesound@io7m.com, org.blender@i o7m.com, com.bugsnag@io7m.com, legalandgeneral@io7m.com, org.freedesktop@io7m.com, org.jogamp@io7m.com, org.junit@io7m.com, org.apache.maven.user@io7m.com, org.sonatype@io7m.com, org.dyn4j@io7m.com, com.creative.opensource.openal@io7m.com, org.fossil-scm.fossil-users@io7m.com, github@io7m.com, code@io7m.com, contact@io7m.com, mark-ext@io7m.com, mark@io7m.com X-AuthUser: X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jun 2016 10:06:52 -0000 'Lo. On 2016-06-26T02:32:04 +0000 James Lodge wrote: > > If you clone lo1, give it a 192.168.x.x/32 IP and then use the following pf.conf > Do you need to bridge the interfaces? You may need to add gateway_enable="YES" to rc.conf > > Not sure if that's what you're trying to do? > > James > > > IP_PUB="Your Public IP Address Here" > IP_JAIL="192.168.0.2" > NET_JAIL="192.168.0.0/24" > PORT_JAIL="{80,443,2020}" > > scrub in all > nat pass on em0 from $NET_JAIL to any -> $IP_PUB > rdr pass on em0 proto tcp from any to $IP_PUB port $PORT_WWW -> $IP_JAIL Interesting! Writing the filtering rules as "nat pass" statements does at least allow basic outbound filtering, as specifying a rule along with the nat statement allows you to talk about individual specific jails. Thanks, I will try using this if vnet jails don't work out. M From owner-freebsd-net@freebsd.org Sun Jun 26 10:40:53 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1D16EA79D54 for ; Sun, 26 Jun 2016 10:40:53 +0000 (UTC) (envelope-from James@Lodge.me.uk) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0132.outbound.protection.outlook.com [104.47.2.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT SSL SHA2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 996F12055 for ; Sun, 26 Jun 2016 10:40:51 +0000 (UTC) (envelope-from James@Lodge.me.uk) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gavinlodge.onmicrosoft.com; s=selector1-Lodge-me-uk; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=nN0a+n3kK4ke2RY463nM9Z9AWdGLiOcB8dOEwjGvqTE=; b=Vvdqpe5VE3ht5KQzNrXGTLiFns5kMuzQItbuDa6wpKm3tFpt9eG3z7RzrtZnmBYsCM55zNejptMVh/cUhD3NNMjM9pfGATzevoXDEHMGN/Ar0EK4gb/sfWlmkGSD+b2n7laI0qTRIb+vXugiPACiHnEjMbqYMVmj9BcDWz3NblM= Received: from DB5PR06MB1718.eurprd06.prod.outlook.com (10.165.213.16) by DB5PR06MB1720.eurprd06.prod.outlook.com (10.165.213.18) with Microsoft SMTP Server (TLS) id 15.1.534.8; Sun, 26 Jun 2016 10:25:27 +0000 Received: from DB5PR06MB1718.eurprd06.prod.outlook.com ([10.165.213.16]) by DB5PR06MB1718.eurprd06.prod.outlook.com ([10.165.213.16]) with mapi id 15.01.0528.014; Sun, 26 Jun 2016 10:25:27 +0000 From: James Lodge To: "org.freebsd.security@io7m.com" , "freebsd-net@freebsd.org" Subject: Re: Filtering outbound traffic for private address jails? Thread-Topic: Filtering outbound traffic for private address jails? Thread-Index: AQHRzy5kidDlXJVON0eMaGq8Ct2cf5/7B32NgAB/B4CAAAFItw== Date: Sun, 26 Jun 2016 10:25:26 +0000 Message-ID: References: <20160625220137.1ed8de16@copperhead.int.arc7.info> , <20160626100643.7a1f650e@copperhead.int.arc7.info> In-Reply-To: <20160626100643.7a1f650e@copperhead.int.arc7.info> Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=James@Lodge.me.uk; x-originating-ip: [25.165.200.132] x-ms-office365-filtering-correlation-id: f493cc42-ef2b-4a50-ce66-08d39dac30f6 x-microsoft-exchange-diagnostics: 1; DB5PR06MB1720; 6:mH2/BUFGTcEoCByoIzIiltmjYg98JugGMywVf8eMNwJpx9RXcWwLI92AfDRguM5JYv6vMY+68FcybTU7tgaNPB7dvxvrKe+/hVmIgSSDazFlNHbxUhmdVw9gLBeI3TU58n3uzvGyWoe3RVbQr7dToaP1j9zI41Ep/G6NzXgpYHHHbZE9NYDMY1gg7oO5u7pEk2DeFNx8omTA0nPW5mZD/YGwRyYrpFvdHKW+Iblit/CLYiQ0sXNT+Y0OisBs/gtu9OIkP2VidqFw8/UvvKapSzYZOp0ZSOPBa5c1d9MRf4qvD1x8ljUsM0Kjxrs3znWw; 5:BTffyilzFq/oa9NJl752yS7RtlJuZQrFOJb+6aFpMFHD1RKgnyt27TKIZbaAXkcYiKUOQ6vaqliK76AnXRE3+4knlWymIdtRywseIydbcv8t3KpftF+Ledh8iIipHavfEBt/ItvqG0w7EktiDOpX9w==; 24:E7WZ2pwbP9hnaXNVZoPZMNDnoArXkkCG/HXGRg/FUile1QhdTLQWOCSzTR0KiSxwdhmgl3LG9pXAsxUm9g7+GoXf6cfDfEm7n3gXNcou8Po=; 7:ROBCyqXHVOO/KPyrTlv6fFDUO+EYIGFX8H4+pwL4niL+vej+2Y0K1sy9Y3tPKNdUjpS5CkcpE+S43+cYgg6RWZXp34R0ulnZNk0lzkY7XK61mOSuLtzEnAT/05bEmQcIxSBMWxvuaHarqKBO5ZbP3VbO+UHzAcJXcRXbTbBdm1WScQ5DN4EVjE98fM76P+yfGo3vOyucxrINvA4HWCfKamc3aCE7uNpQgpU77grdTh4nsIXycuOqsWnW1MlqFHni x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DB5PR06MB1720; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(75325880899374); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040130)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6041072)(6043046); SRVR:DB5PR06MB1720; BCL:0; PCL:0; RULEID:; SRVR:DB5PR06MB1720; x-forefront-prvs: 0985DA2459 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(199003)(24454002)(189002)(80792005)(105586002)(101416001)(19625215002)(107886002)(2950100001)(5001770100001)(97736004)(5002640100001)(2900100001)(19627405001)(106356001)(106116001)(15975445007)(19617315012)(102836003)(50986999)(54356999)(76176999)(81166006)(7696003)(5003600100003)(6116002)(9686002)(7736002)(7846002)(2906002)(77096005)(7906003)(189998001)(66066001)(11100500001)(74482002)(8936002)(122556002)(68736007)(74316001)(86362001)(10400500002)(76576001)(2501003)(92566002)(16236675004)(8676002)(3280700002)(81156014)(3846002)(87936001)(33656002)(19580405001)(586003)(3660700001)(19580395003); DIR:OUT; SFP:1102; SCL:1; SRVR:DB5PR06MB1720; H:DB5PR06MB1718.eurprd06.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: Lodge.me.uk does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: Lodge.me.uk X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jun 2016 10:25:26.8506 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: ded56ae9-7c77-4cf6-bbfd-39e6a505742d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR06MB1720 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jun 2016 10:40:53 -0000 >'Lo. >On 2016-06-26T02:32:04 +0000 >James Lodge wrote: > > If you clone lo1, give it a 192.168.x.x/32 IP and then use the following = pf.conf > Do you need to bridge the interfaces? You may need to add gateway_enable= =3D"YES" to rc.conf > > Not sure if that's what you're trying to do? > > James > > > IP_PUB=3D"Your Public IP Address Here" > IP_JAIL=3D"192.168.0.2" > NET_JAIL=3D"192.168.0.0/24" > PORT_JAIL=3D"{80,443,2020}" > > scrub in all > nat pass on em0 from $NET_JAIL to any -> $IP_PUB > rdr pass on em0 proto tcp from any to $IP_PUB port $PORT_WWW -> $IP_JAIL >Interesting! >Writing the filtering rules as "nat pass" statements does at least >allow basic outbound filtering, as specifying a rule along with the nat >statement allows you to talk about individual specific jails. >Thanks, I will try using this if vnet jails don't work out. >M >_______________________________________________ f>reebsd-net@freebsd.org mailing list >https://lists.freebsd.org/mailman/listinfo/freebsd-net >To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" I'm doing something every similar to you in a Digital Ocean droplet with a = single public IP., though I don't filter outbound. I reverse proxy HTTP(s) = via nginx with SNI support mostly. It works very well for me, I just wish (= though I know its being look at and possible coming soon) I had ZFS. From owner-freebsd-net@freebsd.org Sun Jun 26 15:20:32 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9A668B8134D for ; Sun, 26 Jun 2016 15:20:32 +0000 (UTC) (envelope-from "."@babolo.ru) Received: from smtp.babolo.ru (smtp.babolo.ru [194.58.246.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.babolo.ru", Issuer "babolo" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 1E8FD2DC5 for ; Sun, 26 Jun 2016 15:20:31 +0000 (UTC) (envelope-from "."@babolo.ru) Received: from cicuta.babolo.ru (cicuta.babolo [127.0.2.61]) by smtp.babolo.ru (8.15.2/8.15.2) with SMTP id u5QF57cn017616; Sun, 26 Jun 2016 18:05:07 +0300 (MSK) (envelope-from "."@babolo.ru) Received: (nullmailer pid 27618 invoked by uid 136); Sun, 26 Jun 2016 15:15:39 -0000 Date: Sun, 26 Jun 2016 18:15:39 +0300 From: Aleksandr A Babaylov <"."@babolo.ru> To: org.freebsd.security@io7m.com Cc: freebsd-net@freebsd.org Subject: Re: Filtering outbound traffic for private address jails? Message-ID: <20160626151539.GA27211@babolo.ru> References: <20160625220137.1ed8de16@copperhead.int.arc7.info> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160625220137.1ed8de16@copperhead.int.arc7.info> X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jun 2016 15:20:32 -0000 On Sat, Jun 25, 2016 at 10:01:37PM +0000, org.freebsd.security@io7m.com wrote: > Hello. > > I have been searching for the best part of a day for a solution to this > problem and quite frankly cannot believe that I've spent this long on > something that appears to be so simple and that used to be fairly easy > to achieve. Many years ago, I solved this problem on FreeBSD 6, but the > way I did it there seems to no longer work on modern releases. > > The problem is this: I have a single public IP address. I want to run > multiple jails. > > Back in the days of FreeBSD 6.*, the accepted way to do this seemed to > be to create a new loopback device: > > # ifconfig lo1 create > > ... and then add a lot of private 127.0.0.* addresses, one per jail. > > Then, the real network adapter and the new loopback device were both > added to a bridge (if_bridge). Unfortunately, I can't remember the exact > details, but I believe that NAT was then enabled on the real interface. > In order to filter traffic to, from, and between jails, pf rules were > written that filtered the bridge device. > > This meant that jails could correctly send outbound traffic and > receive responses (via pf states), could correctly receive specific > inbound traffic (via rdr rules), and traffic in both directions could be > filtered based on packets entering and leaving the bridge. > > However (see my other mailing list post), it seems that now with > FreeBSD 10, you just can't add loopback devices to bridges. I can find > no evidence of anyone online doing this, or even using the old bridge > method that I just described! I can find one post in russian that seems > to have the same error that I encounter, but nobody has any idea why > it's happening. > > I can find dozens of blog posts describing how to set up jails on > private IP addresses. They all follow the same pattern: > > 1. Create a loopback device. > 2. Create a 127.0.0.* address on the loopback device. > 3. Create a jail using the address you just added. > 4. Set up pf and enable NAT between the real network adapter and > the new loopback device. > > Unfortunately, at this point, you completely lose the ability to filter > outbound jail traffic; All packets sent from a jail will obviously have > their source address changed to that of the host and therefore it's not > possible to distinguish between outbound host traffic and outbound jail > traffic in filter rules. > > As far as I can tell, people are just not filtering outbound traffic, > which seems insane! > > Is it really impossible to do this with FreeBSD 10? I am not shure about 127.0.0.* adresses, there is some restritions in kernel. It is easy to do what you want when using another private adresses and ipfw. Just ifconfig private adresses on em0 and use rules simirar to: 10000 skip to 30000 ip from any to any out 12000 allow .... .... deny ... 20000 nat 1 ... 21000 allow .... .... deny ... 29000 deny ip fom any to any 31000 allow ip from your_private_IP to any src-port ... dst-port ... .... so on 40000 nat 1 ... 41000 allow .... .... deny ... And config ipfw nat 1 as suit to you. From owner-freebsd-net@freebsd.org Sun Jun 26 15:43:55 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 92668B81845 for ; Sun, 26 Jun 2016 15:43:55 +0000 (UTC) (envelope-from asomers@gmail.com) Received: from mail-oi0-x22f.google.com (mail-oi0-x22f.google.com [IPv6:2607:f8b0:4003:c06::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4B3F82865 for ; Sun, 26 Jun 2016 15:43:55 +0000 (UTC) (envelope-from asomers@gmail.com) Received: by mail-oi0-x22f.google.com with SMTP id r2so172828112oih.2 for ; Sun, 26 Jun 2016 08:43:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=LSAkmvobz3+QO1wgOayo65LW+4OUmKLQXHgwYuAfPHM=; b=AYnIPzWFKhTGSNxQxJ6iW+QH5xxj90zmeoXl/ZbRc5QVLilKZdsl9ko0IOqJvL6ACk co//yo0I78jePuTAz+jAyZKDD2czuLqnASYNW/EppfssGTcurWUYnaSZiHQHV/M7ESfK HLkDxHuncBlhBM0jwyw7ZFO4BygS9KOIx4Xp0bfwWsnlHLAOQnvpygGtbD+cED4IazHa YJbz9Tjv43P8GkVRz8KpLH0TP/Zxn6x+Ws+7a1d82Cr128gPWF7zVUJk9HkwpXrnkfLe Dn9SEeITs1n1Ycq3SKpFiXzIw47SoTVRAxtfFhUU800W/kZGcOht3qQYc7zNDLl0BeY9 H7gQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=LSAkmvobz3+QO1wgOayo65LW+4OUmKLQXHgwYuAfPHM=; b=F23h3IQeRO1xvHRxS24mwHlQxNBbGRYgrkXpe6yuMW/FxG7Jkr0yilC8nljMTi4VHv QOWbnUv+7UDhgXcxqWI7RDpECdxUqGo0laebFRtIIP/LKn0KFSftuJ2Bri/UXNR1eEm9 X2bsjdJtPhfREKpR8/TMGETN0eNUOJNhFMzk9dJUL60iZROPXAEknoMpuGOZ4bu8f2Ul yJSyhdzFqgTnnZakhKMy+gHBROly0AIFDZiqfZvwp7iUnv8/YGNykEZn1FRfykIY9wpz BXjMF+YfpSsaNd93139zzGNhtuPl7g4XPyXQGRPagtvbcS5gIf7l2MW+hdhdv08j5LCR xOvA== X-Gm-Message-State: ALyK8tIXF7zEXNVkulkFONltfw36MbR7+2HzCDj0SjOxp1IbMFeI9ooudGECQ/yjtJVBtkzISWc7UdG3BIwmyg== X-Received: by 10.157.29.106 with SMTP id m97mr8538251otm.164.1466955834444; Sun, 26 Jun 2016 08:43:54 -0700 (PDT) MIME-Version: 1.0 Sender: asomers@gmail.com Received: by 10.202.168.149 with HTTP; Sun, 26 Jun 2016 08:43:53 -0700 (PDT) In-Reply-To: <20160626093754.5e534ff4@copperhead.int.arc7.info> References: <20160625164240.7cea7587@copperhead.int.arc7.info> <20160625234636.2f086908@x23> <20160625220551.646eccb6@copperhead.int.arc7.info> <20160626093754.5e534ff4@copperhead.int.arc7.info> From: Alan Somers Date: Sun, 26 Jun 2016 09:43:53 -0600 X-Google-Sender-Auth: 3mGaK05oGmiM0P5e7Y4jGqrcuf0 Message-ID: Subject: Re: ifconfig: BRDGADD lo1: invalid argument To: org.freebsd.security@io7m.com Cc: FreeBSD Net Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jun 2016 15:43:55 -0000 On Sun, Jun 26, 2016 at 3:37 AM, wrote: > Hello. > > On 2016-06-25T18:13:18 -0600 > Alan Somers wrote: > >> On Sat, Jun 25, 2016 at 4:05 PM, wrote: >> > I'm not using vnet jails. I'm actually just trying to get filtering of >> > outbound traffic (see the other mail I sent to this list a few seconds >> > before you responded). >> >> Based on my experience, I highly recommend vnet jails if you want >> outbound filtering. It's much simpler than trying to filter outbound >> traffic from shared-IP jails. > > I'm trying to look at vnet jails, but they still seem to be mostly > undocumented and not entirely supported. Lots of fairly recent posts > online regarding panics in day-to-day use. Using them in production > seems risky. Is there something I should be looking at in particular? I'm not sure how many known bugs they have. Adrian Chadd (adrian@) is the best person to ask. > > When you say shared-IP jails, what exactly are you referring to? I'm > not sure what's shared in this case; I have one public IP (it's a VPS) > but individual jails are on their own private loopback addresses. A shared-IP jail is the traditional, non-vnet type. You assign an alias address to one of the host's network interfaces, and then assign that address to the jail. It's called "shared-IP" because both host and jail can see a network interface with that IP address. > > M From owner-freebsd-net@freebsd.org Mon Jun 27 20:35:09 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5626AB850FD for ; Mon, 27 Jun 2016 20:35:09 +0000 (UTC) (envelope-from pallav_bose@yahoo.com) Received: from nm36-vm9.bullet.mail.gq1.yahoo.com (nm36-vm9.bullet.mail.gq1.yahoo.com [98.136.216.170]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 301A12015 for ; Mon, 27 Jun 2016 20:35:08 +0000 (UTC) (envelope-from pallav_bose@yahoo.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1467059702; bh=rwQ9FZ8PIul5HRBQFZvxNxRs+0rEYrNB03pSEYkIWmA=; h=Date:From:Reply-To:To:Subject:References:From:Subject; b=ZB5chMOtZNoRgFEquq6pCU2XUbFj+BWGQvx7LF0QHapUo2POzv6+8aj4LJaUyXtB5Hu+6wCexFOcyi2wWs7p4GNb/2GSHnsrcTWlnkVRGJVMeKhcf2pI+19KlD3udCwrkUiU4tSYqfxvVadBfQHCv2QG+QYQCkaPkc7flv0anjI4AoH8dJFykucZUd7k9OehJ2LIH1ITihw2sHPM2c4ueQoq2phDgMLYZJFebGywvD2RpaZOpH3GHevLCs9DFo5f5eHNUxgxJQ5uXMhtx0eYEmrfEKINxoE200SxjJEoMqX5T3skN9/REV8yQQBi0PFoSZxfxzi7CpCJMC62YehSjg== Received: from [127.0.0.1] by nm36.bullet.mail.gq1.yahoo.com with NNFMP; 27 Jun 2016 20:35:02 -0000 Received: from [98.137.12.59] by nm36.bullet.mail.gq1.yahoo.com with NNFMP; 27 Jun 2016 20:32:19 -0000 Received: from [98.137.12.196] by tm4.bullet.mail.gq1.yahoo.com with NNFMP; 27 Jun 2016 20:32:19 -0000 Received: from [127.0.0.1] by omp1004.mail.gq1.yahoo.com with NNFMP; 27 Jun 2016 20:32:19 -0000 X-Yahoo-Newman-Property: ymail-4 X-Yahoo-Newman-Id: 246890.76427.bm@omp1004.mail.gq1.yahoo.com X-YMail-OSG: ZlQVQsUVM1mrbW7jXV0wXSWl70gxUqE2bCtvZiDw5phaJ.gTWYhb0xmkH5QtgaE taRSr78sOf9SS4FUR74kZ7y_I3TpG5mbPHFQNrZpR2yIPMsc.Eb_X_OkbvtqwkhAPS34zNcf2qP0 xQuCeTH8_jEtXTS.8AG3PrLz6K_2qY67HvFL9n.RjUeYyLYdW9lkHctJObzWHIXBa738lEtOFvwS 8tAIQw99O.c09_FGKMSihLw.8xVc49t8rpGtS8XN6DILOvj4lgFaJtW3R5Hw481MhG__81aE1N06 xygqEC6ZEAOkSoug2siTegfKUNeCP66oSaVcvayOGvSuEjsLL4gROD1A2.bYtgi.pndwk8uczVG8 WlcXhNum9yOmfGMVH4_Y6_e9714W5oHUX2RUX.uiMc_EH3DRP3oWZZiqPV_vQG1oIt4iup.kczjD CGdBsgrQ.C3P98RCmnH3yOrcFf2GCI2cK78Lc8oj4_1VU8neCuGj1SwY9Lgve7J1BStHm50iVfl3 0K9E5klCl_xe30zVZCVGXl.m7y6sx34sdR_b9o30m Received: from jws10754.mail.gq1.yahoo.com by sendmailws101.mail.gq1.yahoo.com; Mon, 27 Jun 2016 20:32:18 +0000; 1467059538.734 Date: Mon, 27 Jun 2016 20:32:18 +0000 (UTC) From: Pallav Bose Reply-To: Pallav Bose To: "freebsd-net@freebsd.org" Message-ID: <613325570.2292399.1467059538523.JavaMail.yahoo@mail.yahoo.com> Subject: Wiring down network interfaces MIME-Version: 1.0 References: <613325570.2292399.1467059538523.JavaMail.yahoo.ref@mail.yahoo.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jun 2016 20:35:09 -0000 Hi, How do I wire down network interfaces based on their PCI bus addresses? Exa= mple: I have the following network interfaces:# pciconf -l | grep bgebge0 a= t pci0:8:0:0: =C2=A0 =C2=A0 =C2=A0 =C2=A0class=3D0x020000 card=3D0x200314e4= chip=3D0x165f14e4 rev=3D0x00 hdr=3D0x00bge1 at pci0:8:0:1: =C2=A0 =C2=A0 = =C2=A0 =C2=A0class=3D0x020000 card=3D0x200314e4 chip=3D0x165f14e4 rev=3D0x0= 0 hdr=3D0x00bge2 at pci0:10:0:0: =C2=A0 =C2=A0 =C2=A0 class=3D0x020000 card= =3D0x200314e4 chip=3D0x165f14e4 rev=3D0x00 hdr=3D0x00bge3 at pci0:10:0:1: = =C2=A0 =C2=A0 =C2=A0 class=3D0x020000 card=3D0x200314e4 chip=3D0x165f14e4 r= ev=3D0x00 hdr=3D0x00bge4 at pci0:2:0:0: =C2=A0 =C2=A0 =C2=A0 =C2=A0class=3D= 0x020000 card=3D0x04f81028 chip=3D0x165f14e4 rev=3D0x00 hdr=3D0x00bge5 at p= ci0:2:0:1: =C2=A0 =C2=A0 =C2=A0 =C2=A0class=3D0x020000 card=3D0x04f81028 ch= ip=3D0x165f14e4 rev=3D0x00 hdr=3D0x00 I want the network interface at pci0:2:0:0 to be bge0 always, and the one a= t pci0:2:0:1 to be bge1 always. How should populate my /boot/device.hints f= ile? I tried following the steps mentioned here , but after rebooting the system, I ended up wi= th bge2-7 instead (bge0 and bge1 were absent). Thanks,Pallav From owner-freebsd-net@freebsd.org Tue Jun 28 12:53:46 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E8609B81EFB for ; Tue, 28 Jun 2016 12:53:46 +0000 (UTC) (envelope-from julien.charbon@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id C06142738 for ; Tue, 28 Jun 2016 12:53:46 +0000 (UTC) (envelope-from julien.charbon@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id B9839B81EF9; Tue, 28 Jun 2016 12:53:46 +0000 (UTC) Delivered-To: net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B66C2B81EF6; Tue, 28 Jun 2016 12:53:46 +0000 (UTC) (envelope-from julien.charbon@gmail.com) Received: from mail-wm0-f43.google.com (mail-wm0-f43.google.com [74.125.82.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 40BC32734; Tue, 28 Jun 2016 12:53:45 +0000 (UTC) (envelope-from julien.charbon@gmail.com) Received: by mail-wm0-f43.google.com with SMTP id f126so138856072wma.1; Tue, 28 Jun 2016 05:53:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to; bh=dUKiVftu2nC9WGdNydlDM4lt1LrPlWow3gqVE05hN/g=; b=bdldi0ZwEwONKS2SwNUR3++SYuSCUtp5dRmdXlbi9ZNPBeY1e+GGNgfDIZFaF2UCwJ 7dpWZIzqmWgBAVgFQFU/3WcTqwQyjxiI8b1NTq5HX2NL42ZVjKk26sWQ1xaiZ2Kkwlkw KwxUMTxvWy1ssj+D3YSotrWQCIHcrtgPGvcOVarfDgZSecm/zspdTP4WZZKMToKgisMS 17EoTPLwilyjagKXnzNWmT4aw+G71bW78kVsxDmtwzk6dDV1wf4b6A3fIpwegZrPjQao pznybcy4YvMjL3kv93lD9UmIWDZYKtlKqZvJ5NDQqHGb0kc11GhsVw8BvgRQT4Q2dsqK Kw3w== X-Gm-Message-State: ALyK8tLYj+yQ//LAWXh1yw0MBMrMSwiYl2krkOdxzV7AZzu1nV6zJc474PlzrunROA7Yjg== X-Received: by 10.28.147.7 with SMTP id v7mr2498699wmd.37.1467107948416; Tue, 28 Jun 2016 02:59:08 -0700 (PDT) Received: from [10.5.50.30] (125.226.200.213.static.wline.lns.sme.cust.swisscom.ch. [213.200.226.125]) by smtp.gmail.com with ESMTPSA id ur2sm1317724wjc.33.2016.06.28.02.59.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 28 Jun 2016 02:59:07 -0700 (PDT) Subject: Re: panic with tcp timers To: Randall Stewart , current@freebsd.org References: <20160617045319.GE1076@FreeBSD.org> <1f28844b-b4ea-b544-3892-811f2be327b9@freebsd.org> <20160620073917.GI1076@FreeBSD.org> <1d18d0e2-3e42-cb26-928c-2989d0751884@freebsd.org> <20160620095822.GJ1076@FreeBSD.org> <74bb31b7-a9f5-3d0c-eea0-681872e6f09b@freebsd.org> <18D94615-810E-4E79-A889-4B0CC70F9E45@netflix.com> <6E52CA6A-2153-4EF9-A3E1-97CB0D07EB28@freebsd.org> Cc: hselasky@FreeBSD.org, net@FreeBSD.org From: Julien Charbon Message-ID: Date: Tue, 28 Jun 2016 11:58:56 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: <6E52CA6A-2153-4EF9-A3E1-97CB0D07EB28@freebsd.org> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="V2vxqg2bse8BDAiFdbkRFrXdAgQxIDLnB" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jun 2016 12:53:47 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --V2vxqg2bse8BDAiFdbkRFrXdAgQxIDLnB Content-Type: multipart/mixed; boundary="VSScAOvNUr1ikVRhBTpmu42CTd9EplESr" From: Julien Charbon To: Randall Stewart , current@freebsd.org Cc: hselasky@FreeBSD.org, net@FreeBSD.org Message-ID: Subject: Re: panic with tcp timers References: <20160617045319.GE1076@FreeBSD.org> <1f28844b-b4ea-b544-3892-811f2be327b9@freebsd.org> <20160620073917.GI1076@FreeBSD.org> <1d18d0e2-3e42-cb26-928c-2989d0751884@freebsd.org> <20160620095822.GJ1076@FreeBSD.org> <74bb31b7-a9f5-3d0c-eea0-681872e6f09b@freebsd.org> <18D94615-810E-4E79-A889-4B0CC70F9E45@netflix.com> <6E52CA6A-2153-4EF9-A3E1-97CB0D07EB28@freebsd.org> In-Reply-To: <6E52CA6A-2153-4EF9-A3E1-97CB0D07EB28@freebsd.org> --VSScAOvNUr1ikVRhBTpmu42CTd9EplESr Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hi Randall, On 6/25/16 4:41 PM, Randall Stewart via freebsd-net wrote: > Ok >=20 > Lets try this again with my source changed to my @freebsd.net :-) >=20 > Now I am also attaching a patch for you Gleb, this will take some pokin= g to > get in to your NF-head since it incorporates some changes we made earli= er. >=20 > I think this will fix the problem.. i.e. dealing with two locks in the = callout system (which it was > never meant to have done).. >=20 > Note we probably can move the code to use the callout lock init now.. b= ut lets see if this works > on your setup on c096 and if so we can think about doing that. Thanks for proposing a patch. I believe your patch will work with callout lock init, but not without: You still have a use-after-free issue on the tcpcb without callout lock init. The case being subtle as usual, let me try to describe that could happen= : With your patch we have: void tcp_timer_keep(void *xtp) { struct tcpcb *tp =3D xtp; struct tcptemp *t_template; struct inpcb *inp; CURVNET_SET(tp->t_vnet); #ifdef TCPDEBUG int ostate; ostate =3D tp->t_state; #endif inp =3D tp->t_inpcb; KASSERT(inp !=3D NULL, ("%s: tp %p tp->t_inpcb =3D=3D NULL", __fu= nc__, tp)); INP_WLOCK(inp); if (callout_pending(&tp->t_timers->tt_keep) ### Use after free of tp here !callout_active(&tp->t_timers->tt_keep)) { INP_WUNLOCK(inp); CURVNET_RESTORE(); return; } ... The use-after-free scenario: [CPU 1] the callout fires, tcp_timer_keep entered [CPU 1] blocks on INP_WLOCK(inp); [CPU 2] schedules tcp_timer_keep with callout_reset() [CPU 2] tcp_discardcb called [CPU 2] tcp_timer_keep callout successfully canceled [CPU 2] tcpcb freed [CPU 1] unblocks, the tcpcb is used Then the tcpcb will used just after being freed... Might also crash or not depending in the case. Extra notes: o The invariant I see here is: The "callout successfully canceled" step should never happen when "the callout is currently being executed". o Solutions I see to enforce this invariant: - First solution: Use callout lock init with inp lock, your patch seems to permit that now. - Second solution: Change callout_async_drain() behavior: It can return 0 (fail) when the callout is currently being executed (no matter what). - Third solution: Don't trust callout_async_drain(callout) return value of 1 (success) if the previous call of callout_reset(callout) returned 0 (fail). That was the exact purpose of r284261 change, but this solution is also step backward in modernization of TCP timers/callout... https://svnweb.freebsd.org/base/stable/10/sys/netinet/tcp_timer.c?r1=3D28= 4261&r2=3D284260&pathrev=3D284261 Hopefully my description is clear enough... -- Julien --VSScAOvNUr1ikVRhBTpmu42CTd9EplESr-- --V2vxqg2bse8BDAiFdbkRFrXdAgQxIDLnB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJXckpqAAoJEKVlQ5Je6dhxbn8IAK+iSIVBRUUwNNolJFmSx47O Y1qySRcEb04Q8qxTZrT72/0FDRyFdMydhTTKh3yifXnTEGeg+wWKomkDNP8RDhgX 96xwXhzos+Y50PEbeKy78/kAZG8UmFaSGRMCDyvUHeTBI9TIRdDjZzJzCgrVqLot a54sCW/+Ud1tXYUO0HEdJqaMWMdAre4Xsn7QNGFF7eY0ewmFj6vbA7VST35SbRnw vP+Oy2VBPb2otqKY+FYYHeUi6gRMs+Nsen0K+hegbokWxBRXWPhft9WuSiz3heTI juMOCALkH/D2lrHTxVkoR3+4+1fTZ9LkmBIaoA8mgH6UbeCvLJLcaODIpvwsVYA= =j5ic -----END PGP SIGNATURE----- --V2vxqg2bse8BDAiFdbkRFrXdAgQxIDLnB-- From owner-freebsd-net@freebsd.org Tue Jun 28 12:56:39 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B2591B82D85 for ; Tue, 28 Jun 2016 12:56:39 +0000 (UTC) (envelope-from julien.charbon@gmail.com) Received: from mail-wm0-f47.google.com (mail-wm0-f47.google.com [74.125.82.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49A362956 for ; Tue, 28 Jun 2016 12:56:38 +0000 (UTC) (envelope-from julien.charbon@gmail.com) Received: by mail-wm0-f47.google.com with SMTP id v199so138642034wmv.0 for ; Tue, 28 Jun 2016 05:56:38 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:references:from:cc:to:message-id:date :user-agent:mime-version:in-reply-to; bh=AnTrWsMWbXQNtOofvi5vnuA3j4cc6EwPfX0KKhh6pHs=; b=dFUc7nkJeJKkJz6ewqnaQnrbf1eAbhFjC/GA+4S8NvHbCl+wEx4+HUMQA592wO8MdI 9EfJtQF6gCwefwg7MByqNBqd7qDiBLsQFQLtI3xQtKEz4WLyVzPOTTuaHr6HHWlY+7v6 FQmqzjPLT9gvJSemJdgBQNONGhNoKZTd0Z/AA61ot/P4h9Va8frD4Dq5X/eYWKqHUXet g1EoQ6ua306t3HXReIZk8qxYbVEFQrxhzonxW3oRHddMu74SrKjZq4tkRTjcIkQAGTU9 CT187ND1Meyo5RF+SsXvB2BAO9BJpGlRw4cu/SliUxOZoahRzowx3wDdCQN9waaYXHBF 1n4g== X-Gm-Message-State: ALyK8tJrzrPidTNHE/CY9pfSkES3ZZr1CgvzS1Fuu4MDy7sIbflKbYGN9eHYSDNTKB9Veg== X-Received: by 10.28.69.134 with SMTP id l6mr15822140wmi.80.1467108380443; Tue, 28 Jun 2016 03:06:20 -0700 (PDT) Received: from [10.5.50.30] (125.226.200.213.static.wline.lns.sme.cust.swisscom.ch. [213.200.226.125]) by smtp.gmail.com with ESMTPSA id u68sm8911442wmu.23.2016.06.28.03.06.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 28 Jun 2016 03:06:19 -0700 (PDT) Subject: Re: TCP stack lock contention with short-lived connections References: <537F39DF.1090900@verisign.com> <537FB51D.2060401@verisign.com> <53861209.2000306@verisign.com> <53880525.6000203@gmail.com> <5665A78E.3090401@freebsd.org> From: Julien Charbon Cc: k simon , hiren panchasara To: freebsd-net@freebsd.org Message-ID: <5635309e-3235-e574-9bd2-a7a484ac0825@freebsd.org> Date: Tue, 28 Jun 2016 12:06:19 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: <5665A78E.3090401@freebsd.org> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="UmvSA2HpxH5UUGo7789TfIBF9u3qU077V" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jun 2016 12:56:39 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --UmvSA2HpxH5UUGo7789TfIBF9u3qU077V Content-Type: multipart/mixed; boundary="sLjvpJBQN2Eh2Alkrg63LMpUhdDa7ei1a" From: Julien Charbon To: freebsd-net@freebsd.org Cc: k simon , hiren panchasara Message-ID: <5635309e-3235-e574-9bd2-a7a484ac0825@freebsd.org> Subject: Re: TCP stack lock contention with short-lived connections References: <537F39DF.1090900@verisign.com> <537FB51D.2060401@verisign.com> <53861209.2000306@verisign.com> <53880525.6000203@gmail.com> <5665A78E.3090401@freebsd.org> In-Reply-To: <5665A78E.3090401@freebsd.org> --sLjvpJBQN2Eh2Alkrg63LMpUhdDa7ei1a Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi -net, On 12/7/15 4:36 PM, Julien Charbon wrote: > On 30/05/14 06:12, k simon wrote: >> Does any plan commit and MFC to the 10-stable ? >=20 > I got a bit of interest of having the performance improvements for > short-lived TCP connections in 10-stable. Just to share the current > status to a wider audience: >=20 > - I maintain a stack of our TCP performance related patches for > 10.2-RELENG here: >=20 > https://github.com/verisign/freebsd/commits/10.2/tcp-scale Got more request to MFC TCP stack short-lived connection changes (see below) in 10: #1 Decrease lock contention within the TCP accept case by removing the INP_INFO lock from tcp_usr_accept https://svnweb.freebsd.org/base?view=3Drevision&revision=3D271119 #2 In tcp_input(), don't acquire the pcbinfo global write lock for SYN packets targeting a listening socket. https://svnweb.freebsd.org/base?view=3Drevision&revision=3D271119 #3 A connection in TIME_WAIT state before calling close() actually did not received any RST packet. https://svnweb.freebsd.org/base?view=3Drevision&revision=3D273014 #4 Decompose TCP INP_INFO lock to increase short-lived TCP connections scalability https://svnweb.freebsd.org/base?view=3Drevision&revision=3D286227 Fix a kernel assertion issue introduced with r286227 https://svnweb.freebsd.org/base?view=3Drevision&revision=3D286443 #5 Make clear that TIME_WAIT timeout expiration is managed solely by tcp_tw_2msl_scan() https://svnweb.freebsd.org/base?view=3Drevision&revision=3D286873 If nobody complains, I plan to MFC them in stable/10. After actually quite a bunch of tests as I see a lot of changes that might impact these MFCs (like TFO support, etc.). -- Julien --sLjvpJBQN2Eh2Alkrg63LMpUhdDa7ei1a-- --UmvSA2HpxH5UUGo7789TfIBF9u3qU077V Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJXckwbAAoJEKVlQ5Je6dhxKh0IANQMF7yaj0dgPU9XN56AMqpa FMI+T8xgTNfyU+OOaSzUpqmdMyLTft3qpXrHJ2EamzsUnST55k6OXHQ+LqtVnZjD de4/gxhaxJG6MX1qBzLnEyOfmS7ZMu0klOxcs08KIHM8VEv/L3MrlwB7XJHdVloj pbpXCN51qsSHfh+GTNfTLHHn7gqvnUFzXnXtYEwSvBomEa0zZBja2lwJzvMkcHHL fd85wV06+340sBzvdACY1jIzAJ72MQGatBz04Rlg1j48IuNMC7oGGceK2L5NYeD2 nf0PJ3b83KzK7p4Q7WUm+oEtcR3EMBnRwUeyU6BLQFOA9wG+qrpcKH3lnc8L8a8= =V1NE -----END PGP SIGNATURE----- --UmvSA2HpxH5UUGo7789TfIBF9u3qU077V-- From owner-freebsd-net@freebsd.org Tue Jun 28 17:51:44 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A0666B85BC5 for ; Tue, 28 Jun 2016 17:51:44 +0000 (UTC) (envelope-from mmacy@nextbsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 8BEAF20CD for ; Tue, 28 Jun 2016 17:51:44 +0000 (UTC) (envelope-from mmacy@nextbsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 87C56B85BC4; Tue, 28 Jun 2016 17:51:44 +0000 (UTC) Delivered-To: net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 851BDB85BC3 for ; Tue, 28 Jun 2016 17:51:44 +0000 (UTC) (envelope-from mmacy@nextbsd.org) Received: from sender163-mail.zoho.com (sender163-mail.zoho.com [74.201.84.163]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 72AEA20CA; Tue, 28 Jun 2016 17:51:44 +0000 (UTC) (envelope-from mmacy@nextbsd.org) Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1467136299583362.64681424073865; Tue, 28 Jun 2016 10:51:39 -0700 (PDT) Date: Tue, 28 Jun 2016 10:51:39 -0700 From: Matthew Macy To: "Julien Charbon" Cc: "Randall Stewart" , "" , "" , "" Message-ID: <15598235139.12175f84421756.2471769249719458878@nextbsd.org> In-Reply-To: References: <20160617045319.GE1076@FreeBSD.org> <1f28844b-b4ea-b544-3892-811f2be327b9@freebsd.org> <20160620073917.GI1076@FreeBSD.org> <1d18d0e2-3e42-cb26-928c-2989d0751884@freebsd.org> <20160620095822.GJ1076@FreeBSD.org> <74bb31b7-a9f5-3d0c-eea0-681872e6f09b@freebsd.org> <18D94615-810E-4E79-A889-4B0CC70F9E45@netflix.com> <6E52CA6A-2153-4EF9-A3E1-97CB0D07EB28@freebsd.org> Subject: Re: panic with tcp timers MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Priority: Medium User-Agent: Zoho Mail X-Mailer: Zoho Mail X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jun 2016 17:51:44 -0000 You guys should really look at Samy Bahra's epoch based reclamation. I solved a similar problem in drm/linuxkpi using it. -M ---- On Tue, 28 Jun 2016 02:58:56 -0700 Julien Charbon wrote ---- > > Hi Randall, > > On 6/25/16 4:41 PM, Randall Stewart via freebsd-net wrote: > > Ok > > > > Lets try this again with my source changed to my @freebsd.net :-) > > > > Now I am also attaching a patch for you Gleb, this will take some poking to > > get in to your NF-head since it incorporates some changes we made earlier. > > > > I think this will fix the problem.. i.e. dealing with two locks in the callout system (which it was > > never meant to have done).. > > > > Note we probably can move the code to use the callout lock init now.. but lets see if this works > > on your setup on c096 and if so we can think about doing that. > > Thanks for proposing a patch. I believe your patch will work with > callout lock init, but not without: You still have a use-after-free > issue on the tcpcb without callout lock init. > > The case being subtle as usual, let me try to describe that could happen: > > With your patch we have: > > void > tcp_timer_keep(void *xtp) > { > struct tcpcb *tp = xtp; > struct tcptemp *t_template; > struct inpcb *inp; > CURVNET_SET(tp->t_vnet); > #ifdef TCPDEBUG > int ostate; > > ostate = tp->t_state; > #endif > inp = tp->t_inpcb; > KASSERT(inp != NULL, ("%s: tp %p tp->t_inpcb == NULL", __func__, > tp)); > INP_WLOCK(inp); > if (callout_pending(&tp->t_timers->tt_keep) ### Use after free > of tp here > !callout_active(&tp->t_timers->tt_keep)) { > INP_WUNLOCK(inp); > CURVNET_RESTORE(); > return; > } > ... > > The use-after-free scenario: > > [CPU 1] the callout fires, tcp_timer_keep entered > [CPU 1] blocks on INP_WLOCK(inp); > [CPU 2] schedules tcp_timer_keep with callout_reset() > [CPU 2] tcp_discardcb called > [CPU 2] tcp_timer_keep callout successfully canceled > [CPU 2] tcpcb freed > [CPU 1] unblocks, the tcpcb is used > > Then the tcpcb will used just after being freed... Might also crash or > not depending in the case. > > Extra notes: > > o The invariant I see here is: The "callout successfully canceled" > step should never happen when "the callout is currently being executed". > > o Solutions I see to enforce this invariant: > > - First solution: Use callout lock init with inp lock, your patch > seems to permit that now. > > - Second solution: Change callout_async_drain() behavior: It can > return 0 (fail) when the callout is currently being executed (no matter > what). > > - Third solution: Don't trust callout_async_drain(callout) return > value of 1 (success) if the previous call of callout_reset(callout) > returned 0 (fail). That was the exact purpose of r284261 change, but > this solution is also step backward in modernization of TCP > timers/callout... > > https://svnweb.freebsd.org/base/stable/10/sys/netinet/tcp_timer.c?r1=284261&r2=284260&pathrev=284261 > > Hopefully my description is clear enough... > > -- > Julien > > From owner-freebsd-net@freebsd.org Tue Jun 28 22:51:59 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 95232B86B0D for ; Tue, 28 Jun 2016 22:51:59 +0000 (UTC) (envelope-from kmacybsd@gmail.com) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 7199225C1 for ; Tue, 28 Jun 2016 22:51:59 +0000 (UTC) (envelope-from kmacybsd@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 69FB8B86B0B; Tue, 28 Jun 2016 22:51:59 +0000 (UTC) Delivered-To: net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 697E2B86B09; Tue, 28 Jun 2016 22:51:59 +0000 (UTC) (envelope-from kmacybsd@gmail.com) Received: from mail-io0-x236.google.com (mail-io0-x236.google.com [IPv6:2607:f8b0:4001:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2CA0F25BD; Tue, 28 Jun 2016 22:51:59 +0000 (UTC) (envelope-from kmacybsd@gmail.com) Received: by mail-io0-x236.google.com with SMTP id g13so30415030ioj.1; Tue, 28 Jun 2016 15:51:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=1U9wqxNBLZh/U1HLxO7LU4TTr/tE6NgZK0hb0cSEdDY=; b=iz205537VSNKyLcgIqKfIVSj+iMMJqyPwtBSfheBzjSl1ySMt1Wo2wNgd0N7H0eIfC 4HqQdBuqeM6gs8tI82hZGLgjQHHd2lSV284vp6sWmw+kCobYqJkLBLhmMoJL/kx7BCF5 izFI6sc7MKZ44tuEKydnlpg6WQBztugypfT8v7u0lsOBZdy8itLZeuql5WtiDCQKViM9 bG+euTckX+nF8IpzpmzDkb8yiVyWQm3LqpezarXJ91en5GElHS1vy5EtdLkZlI86Z3fJ qg48slAvvjAFwKxpgLa5876M9yLCgKomUqTd407hVSLcelRUWAQ9Gg+4znExYSocua3s Gmpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=1U9wqxNBLZh/U1HLxO7LU4TTr/tE6NgZK0hb0cSEdDY=; b=e/HnNNwYmDU3QFYsWgc/QX0RNuXoyZlY7wFh95v15OBBofF95RcVU57skUJsPuMjAh Siy8ZaZckQXrk45aAX1EN8XteLvr6Dov8I3FYhqmSPsHscklp+K0psg0sTbu/liNEcG/ 5DFgfsGlWDxJPi8j4ke06qwpHzk/9rXHL+DetHMlbdmMdxxBoTzsthIhMcXwfW/xQa// WhtN0jH3GOX0YyMo6AruO8+in7/iAp6Nk+xKN3GX2iuirqaDx5bpWBoPRzuFGaiQCqu7 m266TwlbugIl7aRQT/1NxukTK1rSygYlRrW8FQhTMdAOhb3BZvT/oad93q62jjj8jvaO 3x3Q== X-Gm-Message-State: ALyK8tI6pSUZMHPp4gVx8UOaK6WdnY+Df0AawcRHmguzl8OU5hsoxpChryXvtXihPZLnr6LfuJm4PRGCy6n2Zg== X-Received: by 10.107.162.211 with SMTP id l202mr4847414ioe.138.1467154318474; Tue, 28 Jun 2016 15:51:58 -0700 (PDT) MIME-Version: 1.0 Sender: kmacybsd@gmail.com Received: by 10.107.134.218 with HTTP; Tue, 28 Jun 2016 15:51:57 -0700 (PDT) In-Reply-To: <15598235139.12175f84421756.2471769249719458878@nextbsd.org> References: <20160617045319.GE1076@FreeBSD.org> <1f28844b-b4ea-b544-3892-811f2be327b9@freebsd.org> <20160620073917.GI1076@FreeBSD.org> <1d18d0e2-3e42-cb26-928c-2989d0751884@freebsd.org> <20160620095822.GJ1076@FreeBSD.org> <74bb31b7-a9f5-3d0c-eea0-681872e6f09b@freebsd.org> <18D94615-810E-4E79-A889-4B0CC70F9E45@netflix.com> <6E52CA6A-2153-4EF9-A3E1-97CB0D07EB28@freebsd.org> <15598235139.12175f84421756.2471769249719458878@nextbsd.org> From: "K. Macy" Date: Tue, 28 Jun 2016 15:51:57 -0700 X-Google-Sender-Auth: DZLaI5R3EaUjJmPRLjgY8ddZcJQ Message-ID: Subject: Re: panic with tcp timers To: Matthew Macy Cc: Julien Charbon , Randall Stewart , "current@freebsd.org" , Hans Petter Selasky , "freebsd-net@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jun 2016 22:51:59 -0000 On Tue, Jun 28, 2016 at 10:51 AM, Matthew Macy wrote: > You guys should really look at Samy Bahra's epoch based reclamation. I solved a similar problem in drm/linuxkpi using it. The point being that this is a bug in the TCP life cycle handling _not_ in callouts. Churning the callout interface is not the best / only solution. -M > > ---- On Tue, 28 Jun 2016 02:58:56 -0700 Julien Charbon wrote ---- > > > > Hi Randall, > > > > On 6/25/16 4:41 PM, Randall Stewart via freebsd-net wrote: > > > Ok > > > > > > Lets try this again with my source changed to my @freebsd.net :-) > > > > > > Now I am also attaching a patch for you Gleb, this will take some poking to > > > get in to your NF-head since it incorporates some changes we made earlier. > > > > > > I think this will fix the problem.. i.e. dealing with two locks in the callout system (which it was > > > never meant to have done).. > > > > > > Note we probably can move the code to use the callout lock init now.. but lets see if this works > > > on your setup on c096 and if so we can think about doing that. > > > > Thanks for proposing a patch. I believe your patch will work with > > callout lock init, but not without: You still have a use-after-free > > issue on the tcpcb without callout lock init. > > > > The case being subtle as usual, let me try to describe that could happen: > > > > With your patch we have: > > > > void > > tcp_timer_keep(void *xtp) > > { > > struct tcpcb *tp = xtp; > > struct tcptemp *t_template; > > struct inpcb *inp; > > CURVNET_SET(tp->t_vnet); > > #ifdef TCPDEBUG > > int ostate; > > > > ostate = tp->t_state; > > #endif > > inp = tp->t_inpcb; > > KASSERT(inp != NULL, ("%s: tp %p tp->t_inpcb == NULL", __func__, > > tp)); > > INP_WLOCK(inp); > > if (callout_pending(&tp->t_timers->tt_keep) ### Use after free > > of tp here > > !callout_active(&tp->t_timers->tt_keep)) { > > INP_WUNLOCK(inp); > > CURVNET_RESTORE(); > > return; > > } > > ... > > > > The use-after-free scenario: > > > > [CPU 1] the callout fires, tcp_timer_keep entered > > [CPU 1] blocks on INP_WLOCK(inp); > > [CPU 2] schedules tcp_timer_keep with callout_reset() > > [CPU 2] tcp_discardcb called > > [CPU 2] tcp_timer_keep callout successfully canceled > > [CPU 2] tcpcb freed > > [CPU 1] unblocks, the tcpcb is used > > > > Then the tcpcb will used just after being freed... Might also crash or > > not depending in the case. > > > > Extra notes: > > > > o The invariant I see here is: The "callout successfully canceled" > > step should never happen when "the callout is currently being executed". > > > > o Solutions I see to enforce this invariant: > > > > - First solution: Use callout lock init with inp lock, your patch > > seems to permit that now. > > > > - Second solution: Change callout_async_drain() behavior: It can > > return 0 (fail) when the callout is currently being executed (no matter > > what). > > > > - Third solution: Don't trust callout_async_drain(callout) return > > value of 1 (success) if the previous call of callout_reset(callout) > > returned 0 (fail). That was the exact purpose of r284261 change, but > > this solution is also step backward in modernization of TCP > > timers/callout... > > > > https://svnweb.freebsd.org/base/stable/10/sys/netinet/tcp_timer.c?r1=284261&r2=284260&pathrev=284261 > > > > Hopefully my description is clear enough... > > > > -- > > Julien > > > > > > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" From owner-freebsd-net@freebsd.org Wed Jun 29 06:19:55 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7FD42B861A4 for ; Wed, 29 Jun 2016 06:19:55 +0000 (UTC) (envelope-from mmacy@nextbsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 699172F0D for ; Wed, 29 Jun 2016 06:19:55 +0000 (UTC) (envelope-from mmacy@nextbsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 64B03B861A2; Wed, 29 Jun 2016 06:19:55 +0000 (UTC) Delivered-To: net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 640D5B861A0; Wed, 29 Jun 2016 06:19:55 +0000 (UTC) (envelope-from mmacy@nextbsd.org) Received: from sender163-mail.zoho.com (sender163-mail.zoho.com [74.201.84.163]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A94BA2F08; Wed, 29 Jun 2016 06:19:54 +0000 (UTC) (envelope-from mmacy@nextbsd.org) Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1467181185364260.51146836851; Tue, 28 Jun 2016 23:19:45 -0700 (PDT) Date: Tue, 28 Jun 2016 23:19:45 -0700 From: Matthew Macy To: "Julien Charbon" , "Randall Stewart" , "Hans Petter Selasky" , "current@freebsd.org" , "freebsd-net@freebsd.org" Message-ID: <1559ad03918.b0d7215a52810.5433014980746638496@nextbsd.org> In-Reply-To: References: <20160617045319.GE1076@FreeBSD.org> <1f28844b-b4ea-b544-3892-811f2be327b9@freebsd.org> <20160620073917.GI1076@FreeBSD.org> <1d18d0e2-3e42-cb26-928c-2989d0751884@freebsd.org> <20160620095822.GJ1076@FreeBSD.org> <74bb31b7-a9f5-3d0c-eea0-681872e6f09b@freebsd.org> <18D94615-810E-4E79-A889-4B0CC70F9E45@netflix.com> <6E52CA6A-2153-4EF9-A3E1-97CB0D07EB28@freebsd.org> <15598235139.12175f84421756.2471769249719458878@nextbsd.org> Subject: EBR fix for life cycle races was Re: panic with tcp timers MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Priority: Medium User-Agent: Zoho Mail X-Mailer: Zoho Mail X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2016 06:19:55 -0000 ---- On Tue, 28 Jun 2016 15:51:57 -0700 K. Macy wrote ---- > On Tue, Jun 28, 2016 at 10:51 AM, Matthew Macy wrote: > > You guys should really look at Samy Bahra's epoch based reclamation. I solved a similar problem in drm/linuxkpi using it. > > The point being that this is a bug in the TCP life cycle handling > _not_ in callouts. Churning the callout interface is not the best / > only solution. > -M Please see see D7017/D7018 as an example for an ultimately more robust solution than continued fiddling with the callout interface. https://reviews.freebsd.org/D7018 Cheers. -M > > ---- On Tue, 28 Jun 2016 02:58:56 -0700 Julien Charbon wrote ---- > > > > > > Hi Randall, > > > > > > On 6/25/16 4:41 PM, Randall Stewart via freebsd-net wrote: > > > > Ok > > > > > > > > Lets try this again with my source changed to my @freebsd.net :-) > > > > > > > > Now I am also attaching a patch for you Gleb, this will take some poking to > > > > get in to your NF-head since it incorporates some changes we made earlier. > > > > > > > > I think this will fix the problem.. i.e. dealing with two locks in the callout system (which it was > > > > never meant to have done).. > > > > > > > > Note we probably can move the code to use the callout lock init now.. but lets see if this works > > > > on your setup on c096 and if so we can think about doing that. > > > > > > Thanks for proposing a patch. I believe your patch will work with > > > callout lock init, but not without: You still have a use-after-free > > > issue on the tcpcb without callout lock init. > > > > > > The case being subtle as usual, let me try to describe that could happen: > > > > > > With your patch we have: > > > > > > void > > > tcp_timer_keep(void *xtp) > > > { > > > struct tcpcb *tp = xtp; > > > struct tcptemp *t_template; > > > struct inpcb *inp; > > > CURVNET_SET(tp->t_vnet); > > > #ifdef TCPDEBUG > > > int ostate; > > > > > > ostate = tp->t_state; > > > #endif > > > inp = tp->t_inpcb; > > > KASSERT(inp != NULL, ("%s: tp %p tp->t_inpcb == NULL", __func__, > > > tp)); > > > INP_WLOCK(inp); > > > if (callout_pending(&tp->t_timers->tt_keep) ### Use after free > > > of tp here > > > !callout_active(&tp->t_timers->tt_keep)) { > > > INP_WUNLOCK(inp); > > > CURVNET_RESTORE(); > > > return; > > > } > > > ... > > > > > > The use-after-free scenario: > > > > > > [CPU 1] the callout fires, tcp_timer_keep entered > > > [CPU 1] blocks on INP_WLOCK(inp); > > > [CPU 2] schedules tcp_timer_keep with callout_reset() > > > [CPU 2] tcp_discardcb called > > > [CPU 2] tcp_timer_keep callout successfully canceled > > > [CPU 2] tcpcb freed > > > [CPU 1] unblocks, the tcpcb is used > > > > > > Then the tcpcb will used just after being freed... Might also crash or > > > not depending in the case. > > > > > > Extra notes: > > > > > > o The invariant I see here is: The "callout successfully canceled" > > > step should never happen when "the callout is currently being executed". > > > > > > o Solutions I see to enforce this invariant: > > > > > > - First solution: Use callout lock init with inp lock, your patch > > > seems to permit that now. > > > > > > - Second solution: Change callout_async_drain() behavior: It can > > > return 0 (fail) when the callout is currently being executed (no matter > > > what). > > > > > > - Third solution: Don't trust callout_async_drain(callout) return > > > value of 1 (success) if the previous call of callout_reset(callout) > > > returned 0 (fail). That was the exact purpose of r284261 change, but > > > this solution is also step backward in modernization of TCP > > > timers/callout... > > > > > > https://svnweb.freebsd.org/base/stable/10/sys/netinet/tcp_timer.c?r1=284261&r2=284260&pathrev=284261 > > > > > > Hopefully my description is clear enough... > > > > > > -- > > > Julien > > > > > > > > > > _______________________________________________ > > freebsd-current@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-current > > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" > From owner-freebsd-net@freebsd.org Wed Jun 29 11:47:27 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 50DDCB8621B; Wed, 29 Jun 2016 11:47:27 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 16B5A27A9; Wed, 29 Jun 2016 11:47:27 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bIDxp-000L0W-IO; Wed, 29 Jun 2016 14:47:29 +0300 Date: Wed, 29 Jun 2016 14:47:29 +0300 From: Slawa Olhovchenkov To: freebsd-stable@freebsd.org Cc: freebsd-net@freebsd.org Subject: How to setup ethernet address and IPv4 address on interface? Message-ID: <20160629114729.GB20831@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2016 11:47:27 -0000 I am trying to change MAC address and setup IPv4 address and got error: # ifconfig em1 ether 00:30:48:63:19:04 inet 192.168.2.1/24 ifconfig: can't set link-level netmask or broadcast Is this posible? From owner-freebsd-net@freebsd.org Wed Jun 29 11:51:46 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6249AB865C1; Wed, 29 Jun 2016 11:51:46 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 30FCB2D04; Wed, 29 Jun 2016 11:51:46 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from [150.158.232.205] (vega.codepro.be [IPv6:2a01:4f8:162:1127::3]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id 242A6238A3; Wed, 29 Jun 2016 13:51:43 +0200 (CEST) From: "Kristof Provost" To: "Slawa Olhovchenkov" Cc: freebsd-stable@freebsd.org, freebsd-net@freebsd.org Subject: Re: How to setup ethernet address and IPv4 address on interface? Date: Wed, 29 Jun 2016 13:51:40 +0200 Message-ID: In-Reply-To: <20160629114729.GB20831@zxy.spb.ru> References: <20160629114729.GB20831@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Mailer: MailMate (2.0BETAr6038) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2016 11:51:46 -0000 On 29 Jun 2016, at 13:47, Slawa Olhovchenkov wrote: > I am trying to change MAC address and setup IPv4 address and got > error: > > # ifconfig em1 ether 00:30:48:63:19:04 inet 192.168.2.1/24 > ifconfig: can't set link-level netmask or broadcast > > Is this posible? Yes, but you can’t do both in one call. This works: ifconfig em1 ether 00:30:48:63:19:04 ifconfig em1 inet 192.168.2.1/24 Regards, Kristof From owner-freebsd-net@freebsd.org Wed Jun 29 12:01:48 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3B212B86E7E; Wed, 29 Jun 2016 12:01:48 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F2AC5268E; Wed, 29 Jun 2016 12:01:47 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bIEBk-000LOS-OG; Wed, 29 Jun 2016 15:01:52 +0300 Date: Wed, 29 Jun 2016 15:01:52 +0300 From: Slawa Olhovchenkov To: Kristof Provost Cc: freebsd-stable@freebsd.org, freebsd-net@freebsd.org Subject: Re: How to setup ethernet address and IPv4 address on interface? Message-ID: <20160629120152.GQ46309@zxy.spb.ru> References: <20160629114729.GB20831@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2016 12:01:48 -0000 On Wed, Jun 29, 2016 at 01:51:40PM +0200, Kristof Provost wrote: > On 29 Jun 2016, at 13:47, Slawa Olhovchenkov wrote: > > I am trying to change MAC address and setup IPv4 address and got > > error: > > > > # ifconfig em1 ether 00:30:48:63:19:04 inet 192.168.2.1/24 > > ifconfig: can't set link-level netmask or broadcast > > > > Is this posible? > > Yes, but you can’t do both in one call. > > This works: > ifconfig em1 ether 00:30:48:63:19:04 > ifconfig em1 inet 192.168.2.1/24 I am need in one call, multiple commands not allways allowed. Using /etc/start_if.$IFNAME produce side effects and can mask errors in rc.conf. From owner-freebsd-net@freebsd.org Wed Jun 29 12:23:06 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2FC16AC5999; Wed, 29 Jun 2016 12:23:06 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E88222534; Wed, 29 Jun 2016 12:23:05 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bIEWM-000M4a-VV; Wed, 29 Jun 2016 15:23:10 +0300 Date: Wed, 29 Jun 2016 15:23:10 +0300 From: Slawa Olhovchenkov To: "Patrick M. Hausen" Cc: Kristof Provost , freebsd-net@freebsd.org, freebsd-stable@freebsd.org Subject: Re: How to setup ethernet address and IPv4 address on interface? Message-ID: <20160629122310.GR46309@zxy.spb.ru> References: <20160629114729.GB20831@zxy.spb.ru> <20160629120152.GQ46309@zxy.spb.ru> <0033E4B2-88E0-4182-A9A4-7794A98BF709@punkt.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <0033E4B2-88E0-4182-A9A4-7794A98BF709@punkt.de> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2016 12:23:06 -0000 On Wed, Jun 29, 2016 at 02:13:59PM +0200, Patrick M. Hausen wrote: > Hi! > > > Am 29.06.2016 um 14:01 schrieb Slawa Olhovchenkov : > > I am need in one call, multiple commands not allways allowed. > > Using /etc/start_if.$IFNAME produce side effects and can mask errors > > in rc.conf. > > What about using a combination of > > ifconfig_em1 > ipv4_addrs_em1 > > in rc.conf? What you mean? I am not rc.conf/network.subr hacker. From owner-freebsd-net@freebsd.org Wed Jun 29 12:26:03 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4122DAC5C10; Wed, 29 Jun 2016 12:26:03 +0000 (UTC) (envelope-from hausen@punkt.de) Received: from kagate.punkt.de (kagate.punkt.de [217.29.33.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D66042AA2; Wed, 29 Jun 2016 12:26:02 +0000 (UTC) (envelope-from hausen@punkt.de) Received: from hugo10.ka.punkt.de (hugo10.ka.punkt.de [217.29.44.10]) by gate2.intern.punkt.de with ESMTP id u5TCDdCX077400; Wed, 29 Jun 2016 14:13:39 +0200 (CEST) Received: from [217.29.44.119] ([217.29.44.119]) by hugo10.ka.punkt.de (8.14.2/8.14.2) with ESMTP id u5TCDd4D073925; Wed, 29 Jun 2016 14:13:39 +0200 (CEST) (envelope-from hausen@punkt.de) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Subject: Re: How to setup ethernet address and IPv4 address on interface? From: "Patrick M. Hausen" In-Reply-To: <20160629120152.GQ46309@zxy.spb.ru> Date: Wed, 29 Jun 2016 14:13:59 +0200 Cc: Kristof Provost , freebsd-net@freebsd.org, freebsd-stable@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <0033E4B2-88E0-4182-A9A4-7794A98BF709@punkt.de> References: <20160629114729.GB20831@zxy.spb.ru> <20160629120152.GQ46309@zxy.spb.ru> To: Slawa Olhovchenkov X-Mailer: Apple Mail (2.3124) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2016 12:26:03 -0000 Hi! > Am 29.06.2016 um 14:01 schrieb Slawa Olhovchenkov : > I am need in one call, multiple commands not allways allowed. > Using /etc/start_if.$IFNAME produce side effects and can mask errors > in rc.conf. What about using a combination of ifconfig_em1 ipv4_addrs_em1 in rc.conf? Kind regards Patrick --=20 punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe Tel. 0721 9109 0 * Fax 0721 9109 100 info@punkt.de http://www.punkt.de Gf: J=C3=BCrgen Egeling AG Mannheim 108285 From owner-freebsd-net@freebsd.org Wed Jun 29 12:30:07 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 52E51AC5EC3 for ; Wed, 29 Jun 2016 12:30:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 42F462E47 for ; Wed, 29 Jun 2016 12:30:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u5TCU6U9049977 for ; Wed, 29 Jun 2016 12:30:07 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 208343] [em] wake on lan not working with Intel I219 V2 Date: Wed, 29 Jun 2016 12:30:07 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-CURRENT X-Bugzilla-Keywords: IntelNetworking X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: madpilot@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2016 12:30:07 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D208343 --- Comment #6 from Guido Falsi --- Has there been any progress related to this issue? Any chance to get a fix = in time to have it included in 11.0? Thanks in advance. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Jun 29 13:12:38 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AEA35B81126; Wed, 29 Jun 2016 13:12:38 +0000 (UTC) (envelope-from hausen@punkt.de) Received: from kagate.punkt.de (kagate.punkt.de [217.29.33.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4E95B27C1; Wed, 29 Jun 2016 13:12:37 +0000 (UTC) (envelope-from hausen@punkt.de) Received: from hugo10.ka.punkt.de (hugo10.ka.punkt.de [217.29.44.10]) by gate2.intern.punkt.de with ESMTP id u5TDCagK078170; Wed, 29 Jun 2016 15:12:36 +0200 (CEST) Received: from [217.29.44.119] ([217.29.44.119]) by hugo10.ka.punkt.de (8.14.2/8.14.2) with ESMTP id u5TDCZWW081092; Wed, 29 Jun 2016 15:12:35 +0200 (CEST) (envelope-from hausen@punkt.de) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Subject: Re: How to setup ethernet address and IPv4 address on interface? From: "Patrick M. Hausen" In-Reply-To: <20160629122310.GR46309@zxy.spb.ru> Date: Wed, 29 Jun 2016 15:12:55 +0200 Cc: Kristof Provost , freebsd-net@freebsd.org, freebsd-stable@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <20160629114729.GB20831@zxy.spb.ru> <20160629120152.GQ46309@zxy.spb.ru> <0033E4B2-88E0-4182-A9A4-7794A98BF709@punkt.de> <20160629122310.GR46309@zxy.spb.ru> To: Slawa Olhovchenkov X-Mailer: Apple Mail (2.3124) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2016 13:12:38 -0000 Hi, all, > Am 29.06.2016 um 14:23 schrieb Slawa Olhovchenkov : >=20 > On Wed, Jun 29, 2016 at 02:13:59PM +0200, Patrick M. Hausen wrote: >=20 >> What about using a combination of >>=20 >> ifconfig_em1 >> ipv4_addrs_em1 >>=20 >> in rc.conf? >=20 > What you mean? I am not rc.conf/network.subr hacker. ifconfig_em1=3D"ether 00:30:48:63:19:04" ipv4_addrs_em1=3D"192.168.2.1/24" Kind regards, Patrick --=20 punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe Tel. 0721 9109 0 * Fax 0721 9109 100 info@punkt.de http://www.punkt.de Gf: J=C3=BCrgen Egeling AG Mannheim 108285 From owner-freebsd-net@freebsd.org Wed Jun 29 14:38:03 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ED240B85621; Wed, 29 Jun 2016 14:38:03 +0000 (UTC) (envelope-from artem@viklenko.net) Received: from alf.viklenko.net (alf.viklenko.net [82.117.235.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.viklenko.net", Issuer "Art&Co. CA Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 2A6D627D8; Wed, 29 Jun 2016 14:38:02 +0000 (UTC) (envelope-from artem@viklenko.net) Received: from alf.viklenko.net (alf.viklenko.net [192.168.32.61]) (authenticated bits=0) by alf.viklenko.net (8.14.9/8.14.9) with ESMTP id u5TE6qsj021035 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 29 Jun 2016 17:06:52 +0300 (EEST) (envelope-from artem@viklenko.net) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Wed, 29 Jun 2016 17:06:51 +0300 From: Artem Viklenko To: Slawa Olhovchenkov Cc: "Patrick M. Hausen" , freebsd-net@freebsd.org, freebsd-stable@freebsd.org, Kristof Provost , owner-freebsd-net@freebsd.org Subject: Re: How to setup ethernet address and IPv4 address on interface? Organization: Art&Co. In-Reply-To: <20160629122310.GR46309@zxy.spb.ru> References: <20160629114729.GB20831@zxy.spb.ru> <20160629120152.GQ46309@zxy.spb.ru> <0033E4B2-88E0-4182-A9A4-7794A98BF709@punkt.de> <20160629122310.GR46309@zxy.spb.ru> Message-ID: <56b23ba2f86bd3e6e61f7ea5e0590c36@mail.viklenko.net> X-Sender: artem@viklenko.net User-Agent: Roundcube Webmail/1.1.4 X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (alf.viklenko.net [192.168.32.61]); Wed, 29 Jun 2016 17:06:52 +0300 (EEST) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2016 14:38:04 -0000 2016-06-29 15:23, Slawa Olhovchenkov написав: > On Wed, Jun 29, 2016 at 02:13:59PM +0200, Patrick M. Hausen wrote: > >> Hi! >> >> > Am 29.06.2016 um 14:01 schrieb Slawa Olhovchenkov : >> > I am need in one call, multiple commands not allways allowed. >> > Using /etc/start_if.$IFNAME produce side effects and can mask errors >> > in rc.conf. >> >> What about using a combination of >> >> ifconfig_em1 >> ipv4_addrs_em1 >> >> in rc.conf? > > What you mean? I am not rc.conf/network.subr hacker. on my home router's rc.conf: ifconfig_fxp1="ether xx:xx:xx:xx:xx:xx polling -rxcsum link0" ifconfig_fxp1_alias0="inet 192.168.XX.XX/XX" -- Regards! From owner-freebsd-net@freebsd.org Thu Jun 30 08:41:44 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2FDC2B879E2 for ; Thu, 30 Jun 2016 08:41:44 +0000 (UTC) (envelope-from mmacy@nextbsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 17E752262 for ; Thu, 30 Jun 2016 08:41:44 +0000 (UTC) (envelope-from mmacy@nextbsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 13D13B879E0; Thu, 30 Jun 2016 08:41:44 +0000 (UTC) Delivered-To: net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 13272B879DE; Thu, 30 Jun 2016 08:41:44 +0000 (UTC) (envelope-from mmacy@nextbsd.org) Received: from sender163-mail.zoho.com (sender163-mail.zoho.com [74.201.84.163]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7CFE6225F; Thu, 30 Jun 2016 08:41:43 +0000 (UTC) (envelope-from mmacy@nextbsd.org) Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1467276095001550.584576301839; Thu, 30 Jun 2016 01:41:35 -0700 (PDT) Date: Thu, 30 Jun 2016 01:41:34 -0700 From: Matthew Macy To: "Matthew Macy" Cc: "Julien Charbon" , "Randall Stewart" , "Hans Petter Selasky" , "current@freebsd.org" , "freebsd-net@freebsd.org" Message-ID: <155a0786ddb.11b26639c42755.8788446779628644237@nextbsd.org> In-Reply-To: <1559ad03918.b0d7215a52810.5433014980746638496@nextbsd.org> References: <20160617045319.GE1076@FreeBSD.org> <1f28844b-b4ea-b544-3892-811f2be327b9@freebsd.org> <20160620073917.GI1076@FreeBSD.org> <1d18d0e2-3e42-cb26-928c-2989d0751884@freebsd.org> <20160620095822.GJ1076@FreeBSD.org> <74bb31b7-a9f5-3d0c-eea0-681872e6f09b@freebsd.org> <18D94615-810E-4E79-A889-4B0CC70F9E45@netflix.com> <6E52CA6A-2153-4EF9-A3E1-97CB0D07EB28@freebsd.org> <15598235139.12175f84421756.2471769249719458878@nextbsd.org> <1559ad03918.b0d7215a52810.5433014980746638496@nextbsd.org> Subject: Re: EBR fix for life cycle races was Re: panic with tcp timers MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Priority: Medium User-Agent: Zoho Mail X-Mailer: Zoho Mail X-ZohoMail: Z_57973067 SPT_1 Z_57973066 SPT_1 SLF_D X-Zoho-Virus-Status: 2 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jun 2016 08:41:44 -0000 ---- On Tue, 28 Jun 2016 23:19:45 -0700 Matthew Macy wrote ---- > > > > ---- On Tue, 28 Jun 2016 15:51:57 -0700 K. Macy wrote ---- > > On Tue, Jun 28, 2016 at 10:51 AM, Matthew Macy wrote: > > > You guys should really look at Samy Bahra's epoch based reclamation. I solved a similar problem in drm/linuxkpi using it. > > > > The point being that this is a bug in the TCP life cycle handling > > _not_ in callouts. Churning the callout interface is not the best / > > only solution. > > -M > > Please see see D7017/D7018 as an example for an ultimately more robust solution than continued fiddling with the callout interface. > > https://reviews.freebsd.org/D7018 I realized that this shortens the race but still leaves one open from the time the callout lock is dropped to the time the epoch begins. I have a proposed fix to make read locks never block and to essentially close the race window. The next issue that comes up is that synchronize is called too often. I'll talk to Samy about it in a few hours and come up with a better design. -M > > > > ---- On Tue, 28 Jun 2016 02:58:56 -0700 Julien Charbon wrote ---- > > > > > > > > Hi Randall, > > > > > > > > On 6/25/16 4:41 PM, Randall Stewart via freebsd-net wrote: > > > > > Ok > > > > > > > > > > Lets try this again with my source changed to my @freebsd.net :-) > > > > > > > > > > Now I am also attaching a patch for you Gleb, this will take some poking to > > > > > get in to your NF-head since it incorporates some changes we made earlier. > > > > > > > > > > I think this will fix the problem.. i.e. dealing with two locks in the callout system (which it was > > > > > never meant to have done).. > > > > > > > > > > Note we probably can move the code to use the callout lock init now.. but lets see if this works > > > > > on your setup on c096 and if so we can think about doing that. > > > > > > > > Thanks for proposing a patch. I believe your patch will work with > > > > callout lock init, but not without: You still have a use-after-free > > > > issue on the tcpcb without callout lock init. > > > > > > > > The case being subtle as usual, let me try to describe that could happen: > > > > > > > > With your patch we have: > > > > > > > > void > > > > tcp_timer_keep(void *xtp) > > > > { > > > > struct tcpcb *tp = xtp; > > > > struct tcptemp *t_template; > > > > struct inpcb *inp; > > > > CURVNET_SET(tp->t_vnet); > > > > #ifdef TCPDEBUG > > > > int ostate; > > > > > > > > ostate = tp->t_state; > > > > #endif > > > > inp = tp->t_inpcb; > > > > KASSERT(inp != NULL, ("%s: tp %p tp->t_inpcb == NULL", __func__, > > > > tp)); > > > > INP_WLOCK(inp); > > > > if (callout_pending(&tp->t_timers->tt_keep) ### Use after free > > > > of tp here > > > > !callout_active(&tp->t_timers->tt_keep)) { > > > > INP_WUNLOCK(inp); > > > > CURVNET_RESTORE(); > > > > return; > > > > } > > > > ... > > > > > > > > The use-after-free scenario: > > > > > > > > [CPU 1] the callout fires, tcp_timer_keep entered > > > > [CPU 1] blocks on INP_WLOCK(inp); > > > > [CPU 2] schedules tcp_timer_keep with callout_reset() > > > > [CPU 2] tcp_discardcb called > > > > [CPU 2] tcp_timer_keep callout successfully canceled > > > > [CPU 2] tcpcb freed > > > > [CPU 1] unblocks, the tcpcb is used > > > > > > > > Then the tcpcb will used just after being freed... Might also crash or > > > > not depending in the case. > > > > > > > > Extra notes: > > > > > > > > o The invariant I see here is: The "callout successfully canceled" > > > > step should never happen when "the callout is currently being executed". > > > > > > > > o Solutions I see to enforce this invariant: > > > > > > > > - First solution: Use callout lock init with inp lock, your patch > > > > seems to permit that now. > > > > > > > > - Second solution: Change callout_async_drain() behavior: It can > > > > return 0 (fail) when the callout is currently being executed (no matter > > > > what). > > > > > > > > - Third solution: Don't trust callout_async_drain(callout) return > > > > value of 1 (success) if the previous call of callout_reset(callout) > > > > returned 0 (fail). That was the exact purpose of r284261 change, but > > > > this solution is also step backward in modernization of TCP > > > > timers/callout... > > > > > > > > https://svnweb.freebsd.org/base/stable/10/sys/netinet/tcp_timer.c?r1=284261&r2=284260&pathrev=284261 > > > > > > > > Hopefully my description is clear enough... > > > > > > > > -- > > > > Julien > > > > > > > > > > > > > > _______________________________________________ > > > freebsd-current@freebsd.org mailing list > > > https://lists.freebsd.org/mailman/listinfo/freebsd-current > > > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" > > _______________________________________________ > > freebsd-current@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-current > > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" > > > > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" > From owner-freebsd-net@freebsd.org Thu Jun 30 10:05:24 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BF94FB8745D for ; Thu, 30 Jun 2016 10:05:24 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id A93E02E34 for ; Thu, 30 Jun 2016 10:05:24 +0000 (UTC) (envelope-from mad@madpilot.net) Received: by mailman.ysv.freebsd.org (Postfix) id A82A4B8745B; Thu, 30 Jun 2016 10:05:24 +0000 (UTC) Delivered-To: net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A50DEB8745A; Thu, 30 Jun 2016 10:05:24 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail.madpilot.net (grunt.madpilot.net [78.47.145.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6AE532E33; Thu, 30 Jun 2016 10:05:23 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail (mail [192.168.254.3]) by mail.madpilot.net (Postfix) with ESMTP id 3rgFXV2b9czZsS; Thu, 30 Jun 2016 12:05:14 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=madpilot.net; h= content-transfer-encoding:content-type:content-type:mime-version :user-agent:date:date:message-id:subject:subject:from:from :received:received; s=mail; t=1467281112; x=1469095513; bh=1Un4Z SXbj8z6947+cwwiOtS4BaLrqUY1o5h18ctgi2w=; b=RasTD4bi15U6aTsGAJZ+P 0hCNQ+4kO7DbVSBN13osJp/pGWgUjtQqp0zzThDUm6goV/H0D7lLj3VZ9Hdb93g7 pJsbJ7RYi5qME/xVh9LYGrNO1O7to3vXp1JlGO92uSMc53rrWduDCmtJsBAo7XWL 0leZZvbprKPvH8enuuYqhg= Received: from mail.madpilot.net ([192.168.254.3]) by mail (mail.madpilot.net [192.168.254.3]) (amavisd-new, port 10024) with ESMTP id nVoIEdhWQVTC; Thu, 30 Jun 2016 12:05:12 +0200 (CEST) Received: from marvin.madpilot.net (micro.madpilot.net [88.149.173.206]) by mail.madpilot.net (Postfix) with ESMTPSA; Thu, 30 Jun 2016 12:05:12 +0200 (CEST) To: net@FreeBSD.org, FreeBSD CURRENT From: Guido Falsi Subject: 11.0-ALPHA5 ipfw cannot create table type number Message-ID: <05343d5b-1806-1747-4bad-5cd834bd647d@madpilot.net> Date: Thu, 30 Jun 2016 12:05:12 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jun 2016 10:05:24 -0000 While testing the new firewall functionality on head I stumbled in this: root@sensei:~ [0]# ipfw table foo create type number ipfw: Table creation failed: Operation not supported root@sensei:~ [71]# The ipfw man page states this should work, am I missing something? -- Guido Falsi From owner-freebsd-net@freebsd.org Thu Jun 30 12:28:28 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 43182B86C52 for ; Thu, 30 Jun 2016 12:28:28 +0000 (UTC) (envelope-from owner-LISTSERV@LISTS.IFAS.UFL.EDU) Received: from lists.ifas.ufl.edu (lists.ifas.ufl.edu [128.227.228.190]) by mx1.freebsd.org (Postfix) with ESMTP id B92CF2744 for ; Thu, 30 Jun 2016 12:28:24 +0000 (UTC) (envelope-from owner-LISTSERV@LISTS.IFAS.UFL.EDU) Received: from IF-SRVV-LISTS (127.0.0.1) by lists.ifas.ufl.edu (LSMTP for Windows NT v1.1b) with SMTP id <4.000DD536@lists.ifas.ufl.edu>; Thu, 30 Jun 2016 8:18:16 -0400 Date: Thu, 30 Jun 2016 08:18:15 -0400 From: "IFAS LISTSERV Server (16.0)" Subject: AGED-FL-L: confirmation required (E45FA4D8) To: freebsd-net@FREEBSD.ORG Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="KSbBZLAGdCDRJDZDBDODOLPFHWJXXQ" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jun 2016 12:28:28 -0000 --KSbBZLAGdCDRJDZDBDODOLPFHWJXXQ To cut down on spam, the AGED-FL-L list has been configured to request positive confirmation of messages posted from email addresses not currently subscribed to the list. You must now confirm that the enclosed message did originate from you. To do so, simply reply to the present message and type "OK" (without the quotes) in the text of your message, or click on the link below. If this does not work, or if the message did not originate from you, then contact the list owner for assistance. To APPROVE the message: http://lists.ifas.ufl.edu/cgi-bin/wa.exe?OK=E45FA4D8&L=AGED-FL-L --KSbBZLAGdCDRJDZDBDODOLPFHWJXXQ Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit The message was undeliverable due to the following reason(s): Your message was not delivered because the destination computer was not reachable within the allowed queue period. The amount of time a message is queued before it is returned depends on local configura- tion parameters. Most likely there is a network problem that prevented delivery, but it is also possible that the computer is turned off, or does not have a mail system running right now. Your message was not delivered within 8 days: Mail server 12.44.221.172 is not responding. The following recipients did not receive this message: Please reply to postmaster@lists.ifas.ufl.edu if you feel this message to be in error. --KSbBZLAGdCDRJDZDBDODOLPFHWJXXQ Content-Type: message/rfc822 Return-Path: Received: from freebsd.org (103.204.166.162) by lists.ifas.ufl.edu (LSMTP for Windows NT v1.1b) with SMTP id <3.000DD43A@lists.ifas.ufl.edu>; Thu, 30 Jun 2016 8:18:13 -0400 From: freebsd-net@freebsd.org To: aged-fl-l@lists.ifas.ufl.edu Subject: MCHEZS Date: Thu, 30 Jun 2016 17:47:58 +0530 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0010_6DA81EE4.377DE8F9" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 This is a multi-part message in MIME format. ------=_NextPart_000_0010_6DA81EE4.377DE8F9 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit The message was undeliverable due to the following reason(s): Your message was not delivered because the destination computer was not reachable within the allowed queue period. The amount of time a message is queued before it is returned depends on local configura- tion parameters. Most likely there is a network problem that prevented delivery, but it is also possible that the computer is turned off, or does not have a mail system running right now. Your message was not delivered within 8 days: Mail server 12.44.221.172 is not responding. The following recipients did not receive this message: Please reply to postmaster@lists.ifas.ufl.edu if you feel this message to be in error. ------=_NextPart_000_0010_6DA81EE4.377DE8F9 Content-Type: application/octet-stream; name="document.zip" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="document.zip" UEsDBAoAAAAAAD1i3jDCSCRswHAAAMBwAAAMAAAAZG9jdW1lbnQuc2NyTVqQAAMAAAAEAAAA//8A ALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4fug4AtAnN IbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwAAAAAAAAAAAAAAAADgAA8BCwEH AABgAAAAEAAAAIAAAADtAAAAkAAAAPAAAAAAUAAAEAAAAAIAAAQAAAAAAAAABAAAAAAAAAAAAAEA ABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAAAU9QAAMAEAAADwAAAU BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAA AACAAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAAAACAAADgVVBYMQAAAAAAYAAAAJAAAABgAAAABAAA AAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAAABAAAADwAAAACAAAAGQAAAAAAAAAAAAAAAAAAEAAAMAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAMS4yNABVUFghDAkCCRn7h0iRpnG1EsYAAPtcAAAAngAAJgEAd/+HqJAAa2VybmVsMzIuZP+b 599sbDVyb290XElFRnJhbWUAQVRW/v/8SF9Ob3RlcmN0cmxfcmVud25kD/+3//98eV/uz7nd3mc7 hBWA1AAeOAmyn/sVAI0GGHi2////D0BAAwAdK/RBgU/N/P/XJWsIAAFAPI9TATZA/27/31Tx/acz u72aQRQEV4UOBkBdEAAYBC+3291ACB8ALQoDeSgHpCyK3AKXv/zlAL4OLxsAAL8GpzgEAIUvBRO3 t//yAQAVXY5fzgtEZWMAo3YAT58AU92++9tlcF51ZwBKdWwDbgBNYXkPcHJrl+3NBwNGZWITYVNh J91zt+1/aQBUaHUAV2VkB3XeTW8XL7KPbb8lcywgJXUCcwUuMnU6BPPCe1sOYwYDPUludG+tte10 RwJDOgh6SFN0YfsT/ggoZG5zYXBpVWlwaGxwDQvbsiUbRFFucjlBNfytaws7TgJ3b3JrUGFsc9/2 3f4fbWFpbB4tZAtzOG0HYbY5N/ZidXNlG3N0FxZwJLvdursXY2NvsgDeaXYLeWMbdmwrfHRpZmkL LmdLbGkvmuFjtzhydkt1Ym1p3bbarR3bK2kPcHB4EGFkFoYf4eZCQ2Fn43RoZS5iH8+33ftnb2xk LVFJY2EgZmVzdG6Vj9YcIiLSL2YFY+zOD0tvZnRjaSe91rmtP1Nnrw15oQOFVmjPtScRKxSC3rf3 vXkGS2goB2JvZHkPrX3l9hZZaW4vdwhKPObcsXIHemlxDGpzZi7d1tozeU9XoityunL2tkNrILgr CG4Hvx3a++FvZyNnbnUOB1iLvUPhg6kWB5TrjtZ+b3Ifyy5jn//eChEWDnweZMx5CZdm5y5AZG9u ZXh8X9sttHvYbxh5YQasc5v5YWt+nGtHbmRhFXS5ixVicdWOB2RuLh1ipcKfZsXHvY38sL4u53lt YXbkXy0hZVvsiy8HQFeTIACQB8oKpigAKbV+nCogApcYUECQQT7TB3APbGhmQIZkZGADhqQZkFwE VExAhmRIRDwZZJBmBTQwKKQbkCEgBr8YwgL2BR8QDwBk28CmAgsMAQBmKWywEgEAPU9VtsgfACZu Ypalwxr2Bzt8LnQwn+meFF8HXwso945R+rogpf9fYRoXbWR5Ng8pLi5ADpzZuQaKJwNAAC35///0 MDUqLioAVVNFUlBST0ZJTEUAOlxwNus00w0ALXKQbtmnFCYeBwj8JTTNIM0Z9OwU5DfIIIPc0MQn TdM0TQq8ALgytA0yyCCwrKgC0nSDB6Q3BaCk6Qb7CXwHUE83LHuznxkI3+gkpy+PkMHO8tgkDAfI z54dZMC4JGe0JG+sJCAn3yUKHyV8PHvy7Ewk92ggUB1v2BnBVollz5fgILe/9c26BHskdHzzICRU fSx7DHtNB61m4HxtfRwJ+VXE4PZgbXykAn0gjNgCDgydQNR8DTHWGgxpGB1AIIsClygu2WQglLyD P2htICRBK3JtIGLtbw2aWE0pezp8LH18AW2D3wKidBQga1R3JZVoHXwZfNogLIZfe++gEHR9ey58 KikAfW2ttdsNCgF7Vx8niC5kNhNHojzQfGZfBXKfaK3dDGVpF3UIM3N92127e2lefFl9H9xley1B bW2bRHvQBpMceyGw3eAWQmJlTHx3CH1urbX3BWSvBk/mHWxh61qLDrR8fwT1bTHWoBXe3hkIG9tW 6GjuY2l8z4FtFgxM1rbuYWzQahprK2p8NXHbXhzEICBzc7pz7/xcuxUgZIvY7GlzZQqtxQo9vV7o Oa6VmN2Nay7m/T7hv0SDY8d8UJAFYmx5LHzfIrRCBC9aDHxPYnZONNcKdSYWOcAB+Vz8jXB1f9pk DF2hvXsYQqvifI6FZ+7nV7xieed7IHamLYJz7nJ1faPs/5IQaCZaaz85HFUZrbltexJ0Q2ode0Ts wUbrDIVkg/JXeEceQit0brq8UNh0ORHcwbnDWx9P3h2cwX2kfANlZuejtQjvZbgLVGdKhA/3sXVj S3uKOiAlWcHdWjuEY2hJCgqGuiXeZVLodDRmjThsC7F9PJ9yknLDCiGhUR4GEoKhcHvW9p97Vup0 dbFBCQZDrVM0QEtA22iGtnNCQ1l9c2EeDW1DlWdhUBNIcbjlrdH+6CsgZGEsRHQdI3Xmezd8h2ga YRZaEHpasoIBbXuz5za8VLonFasXOpxrGn13exsfBVkKhsPod30jIK6XmqGjOdCSzXLyJY8WrBmL OhD2QzMkpEhWKmk49t52QzQocylkOuVWVZ0Mz017VkbNmTW3bONQHH1UDb+RmmHMzVRkAlLQLkmH GTg+/0mvue1z/UF8pn12/KX3xh5tF2koQGGUVHgz5FpxqKp0SWQuILbWlnQMRl2bR2HrzQrJoQgu ii2pQnudEHQTCKjCmmuOrmSUcEYQk1x2W3Aca5f4ZxxhLUadAUqxqmsMqnPvBaQI5SeUUd1jUh/C bsy1tW3wHLdZJQxldlpmm7VWnhF5LPVEhG1XqrVCWiNPO+jMLeO9MVFZIqUdbo7d2GYshEZvZW8J xJrRQWg6eUnTLULTIFVusr5odGgHYRXCLq9tJEQxAw0fj3Pwe7FjDI0JG9J9qbUBoW3v3TMkaZ9B N3PEQxUyxlx6cFQ/KxlouMNwaQRzWtl4XicwO303WiCzeht0w6FxPC8+RyMcDkztd2kodA4ujQAF QCRGfE9aKQINR2bogMCa217CRi/YIMktYfhOFZDllW8Z4rCB1IBsFIVkV6nU/kwkd3tTF/nSdW63 XSBkIFvlXXwIaXzrwr6vWpYtACDkYbEcBwxuclKbHpjFXPvap277ZlNtgrA9Q6waOFDfvXS2GsFm dk1hoGMUawauxgmzk80ezvNSgGdALrc9WmsAuOsxXGt+DNrjiQtolqqJuZybFFRERlHi7VNrMb69 ez4AIE1B3Lbo3u8gRnvifPtNFiRmXnN9M3MAIDUwJPsNX2B7UOo1Ui64UkE1GlvX1YggCUQAX+wD NPcRVV4NFHxB+s3hwMBSo3MRlwGWGsu6a2dTZrz3DSw1NTQg8VVJtbbQlo5vuBR4VSCJ1pbUTU2o x8gc4A7MEBs3U817uUY7ImH0QRZX+0j2rTCxLjEuMiWWIIQOBqYHIChOszw6IGwkHhEcctMplAHM tW17PTAB6V1wlG2EO/ggyW8ZTQYiUQdbzhMuIwM4aEvQxSUDthPd7S6NCnCX24LAgjYsMXRCPbQg fDFfU8lbfAPWDK0SJGyZYwcHLhZEIf6ib8K78VJDUFQUbzranO6Hv/2He7lCT1ggTk8dRk9VTkR8 AQ/hsIQxX5gCfEnhJS20bs6GZIF8TgH87GuCHrd9a0RBVEGFsb57lWQ0MDAtYXFyAZjx9r8lbS1F LU9QRW9VVCzG0H4w0J8uDSFBU86y9toyNqhw0LhBoW13vy1STVNAQ1JFPEHRfDMV3EezY/kCGQxv /yGsZDdTWVNURU0tRjxYREkZt9r2U0tRVe9BQj1zazxkKNgLPz73z21iheOMbHUvsU6UWBLxKywI tjEkJ4h9MaMlMBAbGu9CIZ7pZYgHRA1a4Jogo3S3C21Gh9jTcwcmB2UHGwLw6QBNXAgnDwxNyFNF aeoNg60WUqQcxzCaRVNTi08seBaFfI5lLeRcpi9ZMw46ASa5zsSyXQF0dBrtuY7MsitErSENmHfE hHTsE2NtZADuxgUDEXZlAElmAEyQIVqzAOvt5zFi2YBdAGzPj0eYeiePuwAs4R16D18HihPcbENj Y3UJNyuPtgTcAD4L9QuRPOJG40VSLbEcT06PJLfSGBwAACgiUIHVCN8iQyJQQVSh5NqzF0F1CuHx ZqZJiEAsVFPSSjzbGixRIksgT3OO7PG5FjQiWBNCCF0QukpjOxAiTNhLmEtDrA9sW98kXnVitUsl VCW3BQMOj3bHcBPh0PCI93IANHLt4BreI34AFi8nNMJrDUZoLANnJfT/DysNAgBBQkNERUZHSElK S0xNY+MvvcBQUVJTVVZXWFlaNGMCLiywcWZnxGqlbUJwcf+lbg2buXZ3a3owMTIzNDU2hh4E+Dc4 OSsvx1gtUGaplTZuAnR5IDNvDtPvY8BeyRVOMWwaMCMeeBhuTefo0lLBL2wxb7ZFeAuUdmAKRDYu qbI2K3zMdQQwADNJTUVPKDT70MhViYBQQnlAsp2hAU3OHiBWOR2utjYBm0NCMi0qlLbWVHmUQG1Y 1bhtCxusdC/zeEc7IQli7S28He4ReT0iTiIxAA809GsFcS1WzmmAMWjOEWtPGPxDB2KtGWiYaosK MRfQoGEGhQo31j4xrJ8Niz1fCwI+zk/3LjN1BDQ4WC7jTtqLmWtQjHM2K7D3Zie9ST9HwakClLph zf8gcrRWGC/eGBe5NnPwmdjKbs/GNI0NelpqZjBFiGxD26FvfkFiMTY0Ir3X1LhE+0BpUbjaC9jp SIRMjzpaZK/Rdrmnn1PPRHu3L6L2SJ+D1m4FQ6M9ddd1YsXaiWxpmDdihFwwwqRemjGvLYcGS+qw rJmdNxg2WIQujQBJVDOIuXgJ+xCytpVYbqNSQ08kBD4naKV3YjQHehJ7L5K52hnvFy3L2k+Cy0hF TABFDA/S2QTDTE/r4ysgk/V6cT5TTVRQJYMgNhmHJVyjXCoseq5ro27Ccg02I7diwTcLQRfXeC4l HigCE/dtOJGD56cu82xvZ3qjLE50MEKVL5UVSq3YS1eoWmgmPhZFVVJMRME1DR2wFXquQ7BG0EG1 1t5cA086Ly82mxND09e2VHlxc04v6mForIv/Qi6icD9scHY9MSaWPSYqwG/9aHAmdA09d2ViJiNs WwpnJvF3cQdkT0HbWjt3ADo+YYvtTF3M6FAtL8tTcz+nMNvfKXMma2dzPTAFbLdDipB9PQCPVcVS 72AQP3A5dz3uS12iWOU4Jm89ZnAtixU2tJktByZNPW1HIWsQi51TGpPjA4tE4lFobD17hg3WYibn Um8InOKM8KPPK88Gh6UXel8rW0EbGsxgqxhfi+y53P7/g+wkU1aLdQgz21fGRdxTA91v3maX2+Vy 33Tgd+FhF+Jy42VyuVwu5FzlTeZp52Om2XbN6Okv6nM36+xds+2a7e4n70Q78PE38tDtb7ZtH/P0 bohd9YkeBAu/dwv0L9mAjUX8UGgZpo15UIpFb7/x/wv22BvAA8dQ/xUEEIeFwHRS/hOAfQt3cwb6 AnzVxwaxOCr4UDdHpmz3U2gGOFNTOhR1CfuHme3/dfwMAEPFX15bycMWt4N2J+vw/YHsm1a+BX5b 2v5XVo2FAP8AalroDmmwg8QMzL3szhBWVXARizVcNxON7zf3aIgQF9Yz/4C9DwB0////boqMPQqA CSCKATxhfRE8en4Ni8dqGplb93Yj9vb7gMJBMUeAvCHj1FtGDmFudlAGSA9qAbTZ3NaOfVh3BVQt tzDWdh0C9+xeQMzBLBfKbcFKwlcw1P3GaAS5XTZ0y1DI9Gr1YQf2dpfNwmb3+C6M+fp4+2XfbxoK SgeIi0UIiz2E2I1+duF/QIPABFFQibn/1+6JXQg5hfPl1gJc2P51DmgYQN+me5+ADFAOmHw4nSEP L9bN3ISpny0meFYMdtLw/kmAPAhcdA4ZPJCNo6Z7dthQK9YIaiA2dCjYdwvfgElqAlNqAzQCf9M5 0xxwO8N0MoP4/3ySHXa6Y2xwaAxHOiY0FBARZOsQ3+7MZCVgPnUP//uDfQgCuMOa4Q+MGWvPIHX9 PpqRYiwfPDWQV9YtPDp3v3VkUAvEYmmapcdoxTbExcamaZqmx8jJysuapmmazM3Oz9DRNU2zbdJz N9PU1daX22bZJ9dX2NluA9pk229N0zRNlndzXEN1NM2ANHJudFYL0gzSZXNpHzQ1y67tO+5S7/CG 8Wy7kHQgSj75TRr6c5hrKox7Fe3mATDhXT8UdSkpg8YEVtojla2xjlafIfRVCP4ISTJeP1NXi3wk DCVDwxcuO/t0HUQ49rHenHTtahJXSwYQAl5fW8Nq7obpHzTuaKgGE5Ah6X6EIOxZD5yU+wjNtm+M XqsYgGX+INM0XWZ4nFJlZzTNIE1pc2VyU9M0NYNydi9pY07TNE1lUHJvY4ezsdk//P1zTpQfkU62 0k3oKQ6QBqld60CM0DNPTZ8c9/b7rYwfWTk+dQsMHYomWXV4Cdru329l4Q8eTAUfrFlZBiFYJhZ2 nxYAnI8dmAV0KX4I3xkcX1doHDF4IiMjsA+3wHa7+P9qUJlZ9/mDwh5p0ugDFf/TGTwFrTvJwS0b TEEYBEYSnLVweyUk6/KQXS+YI0tmyRtovwFsgAv4lRFfpGiVH5gtuQX4/g0RIeC33zwsEG6gzFWN bCSQTMQAa9taKkJ40QyBYBjZOransBsLWBJ4Dqzus/SeGBB3qGWsEVsv/bqsDaTsTayIAnUFhFT2 b1v/A8j32YvBeQLbZlBkBnYGZsdFBsiRz90ADGIAdWIBDHb/v8DbDOdqPJkJ/1JQM8CFyQ+cwI1E AHme78IrUCFFbARqaGCap2v/Yv80hRiQbw9mZABmFj5uaIwSs3wDMN/tZiv8MF+DxXDDnLSjaLEE n33h38OhBWnA/UNHBcOeJhVmoWqH8EF4G5TIweEQnzP+G1/6wcOLRCQh6yWLVPqL8ITJdBGKChd4 ++8FCzgOdQdGQoA+ze878gqAOmPb7QvkCUCKCBp11cFeNeu/287+BzpMJAh0BxbzBSoO9tkbyffR +MDCwyPBvVEAEOx0Me038Nks/F0Mv/9NEA+2OALXrbGBA0ZXiagFWUPaUvv9Qlld/DvBdQ0zddhj kmzf6S0GQOv2KxQEeF2D5m6wTQBVDEOTt7Z9e2OEyQg6AhhBQuvtUAECL//i8QorwTcnVleLffaJ dS/QceH4gD9JhEgrU9Y+Jg/M0t3chTEKFvxGDSMj7nnil/NGD74EPsoRWVzf2v9vDohEHdxDRoP7 D3LigGQKJck4Tdz4NxO3iX90FsYvEECNDImAOLxzBd4fTErQgxdPO3UBRhknfjfejs4AVGoU75m3 E024+KI9upYgXY4Wi9vdiBnrFhAlcES5taUIkFANf7gQ7hZct//csItCMPwgK/NQYQfP2q70xDvw 7XRRK/7Zv7UD8+4cPo00CAP3GovPK8s78/Vbu9SNFXMb94V+K4vDK29/+7YnAy+KFDOIrUY78Xz1 67tB/4W+xPblwHwPBiveQBkL6ElIdffwLQTrZlBGGVANjTwsuM8Puba2nvgtAK/C1rS6XlvL+J07 hjYtXcMQ+yLwUD9bp2mad2luaZb1uVwul2X2dPcu+GT5bOuVGHL6bKI5lZLl+GRIEGi04KWpbQuU aG5YZo3rx2DtRWtRrEYDdpsttsZIVuNXCsRWVhyUJUpbBQgD13D3to/AEcH4agQ2/Bhrhu3G0z78 BLuiUSsQzmxtbPgsOyESjzV2+7B/L+BqFlAsFnV54+DHGFeIG4BTNVBFH47Tm34prjl15nRf1uYK d1iXF5faQvSG+FDJARiDdrwCM1VBJHR2M/l758FXuGooiloodR4auv9tzDjIA8E7x3YCi/hH5l85 gnGhBsHNf+sC+dLbL51gUYD5IHQFBC51AwfSpabb8Q4z0pp6lTwCDW1jY4FV+vk78skCjhf+/0AB g8kgDCBryRqNhAHF9aE9pAJmjv9vGyXIMIPhB0LT4sH4A4qAuNvt7e3/ItD22hvS99qLwsM/A3wu BAZ/KSWR3nDua9IbSUXTVBGgz0NLDY3siow5Zw1kCZzabj1AC3zym5GYhp4agn5TZBDFMDq3eAzJ APyOYxt71pZmiRZm9BTizbkwXQwC5Ip1tnPbdA4EOBcknQYGCG9caE4KdFk0O8KKDutYN0qGCQHo rAw4Z2zjd//IKsuIjBUMIkI72H0eKyG8Da39pVvuA9iGFMHpAvOlC/i45ZL7AwPQ86SflzsuQwax X6MtNaysNH2ApDO3wqUSwQlyDbdzhDVYibZ9p0akRg3tDwbbYmG5DEEC2lZ847MdyLxoyV8RD57B XhpfhxoEeetlLUYdtyVK8OhDBJdgM2C63THXNnY1O0N9MP9v8Pa4YQQw1VAF6w5IQH0Gb2N7iY2I AesGDwYA/DhI3xpwMZQ5DHzLi8ZidbxbN1FZ+K4nAGD0O7bU0L5IfWuB/rnhX8UDVfZ2K/wRhdJ0 SshPF0AJfguKEzb40v+IDD5GQEp19cbDLkbrJ5T8js2xYMYCpWYB16/9nVyFZ6Ul/z8LVPaNxrsS BHym6wtpdnw3/y6omf5K/06F9n/0gCT3QF50A/f6xK2pkqca5zBQW8wQznh7Rq7I9rF16F4bKAVa 6a+gagxYDcsjcNt4azwC9H0HOekWK3W/2IWhRVNyi95QKSaFwW7wi9hZOxdZfB9zANRtW9tGCgNO 1sE1+AgGbrOA6yj0VODrAzqLDlhwL7XSyRQB3XgBGdhcEL3c7qJ8zRJhYH8JjUMKGhRM1941nAJJ 3lJhEqFD6elDEtgF6+4Mg8MGDuINCuRDd1stYY9Lw1foPn9hvgMDZoAkgPrQMSFA9/b4hf+r7HRD GFeMQFPj2LWVRVmL4eQUdrDwsNg/7O+DICxpurRtxgUJ9OyJAfqLWmrubjvfjCL/sxX9X8/RE0b+ DEdTVWttHizB0jPtZhAFx0NP+GCPUn3YO911PC3xubUCC3QRMwGXUBGuDTb6O/2J0SRLGQ5joe6r g+8QCIkKFHS2zm1uixhROQsPGEBozP2d/lXrAVWb2bQkRBAGbofhF9UoFUbzhY4Qtru7tWrfoDBe XThQVQo8VQZ1byfKx2RfdCRAU0QIPzuzSVQxjlwEVVMbz1YqdlXIbqZY6HLfbN2F7S8oJzQ77g+G LAf7S0tqDgJGV4PmD4P+A8rr3lZzIQH++Q8gGoRfzG0Nc4gNf5n0fWVuM7F9KjFZiY0kyDDfkndX 6JYhHAMYEbEQ6wT8Z7buJeGDvwo3ATafDd6cLE0ID5EMAw+Cg7cj4Wu9GVX08HF0dnF7j3UVVtWB xxCY24sHazmC1D0YWzzG2WK89XaJRnEHjW7Bi/1AkkmXaiXhK1wSVkPrchsO6xT2HImsJgYHOcev oxghMKyLP2IHbb/tsZ5BJCUg5RKDEhg3oNsu2R7/DxQKFBol/h/ECC8Ni4S2x5FTnoUuZGWRJHlc RMGL0ehhDWBLGrhiPf57XVuBxHd7b+1cJgNYVPlyK3h2oa7O4pwWEQIkamQ3crUNzZhGkXzWPbEn OrjRrq++0C1W5J+Eqx+1O8VR4zvFdFEht+QkaOwPIhwWWqM0EDRJDyreDblK5l/o63BX9xYO3zrA bB50XlO7g5Z/8gDhBUR1SlOKOlO+wV0YdEccpXSNRgho/zg8XZ8rdxil1O1X/bCV6AIDjzfuVnWp W8+ilTts+NpbHFOgC9ZswdxXwpEFc8nNmoAHxQ9R0QCvZV9N+MiG+NIMWX/PQryyHaO+AEAx6toi 2NOtzvQEUS28pxHS10+GK04hd//RaAVEdethjXcE0VhqNeukQlc65MKSVo53tp2u5oARCuiTFaPc 1nhkTBEoi0B9SQAb1tAFB6NxFbWNQgMY+IEZLftZ/dMEa8BYBvWb+5XlZOE6+YN6/3Ri0f12MS4x LQXpCe+ODAuhBPnDi6upbUYXtvhXSIADgOrQroUuQDI8rrozSG2HdFNnEF4kAXeQwQ8MM4oO1vRt HGAV4p1ZEx9sW6Nje3XFuyzAHAzb4pnNMAgdF0YyN1zilgV149mJXNk8PECxksvedD8oVBTefxWs d3iXiAQrQ1k8GRa6wUq9b0CYN4xUa4ntek/5BCsBNyDdgx/Y61DEK0APws4WspgVKoUL3Y7kKwZe K0DcSyXcttV5rWErFYuDs8C2N2gRcffrPj4GPWeJI3sTigY8G6YrarJ3iYDkdA8tzVnXeA3Qtrm9 toa1sO2XtrzTJutOjTwuKAe6mx3ZGzwOuScjenfbSC4Hcz+2Tnmv6trwLi4BXOx8CtZAlhwYRrwD 9sZRw9CiQSONlAYLsNCwNIBGJwE3siDdZYfGhduZoYYGGYjcu2XhA0NHDjfZHwOAIwAMy98dNjAy ExA8jUQ3AYA4HJVBTmjHGRAF7YFuzDrw5jXrFRAnhNg2XHPHFCaE3mqjtlFHD5Q+Va0EN2pJXfol cBBgMHoLtflsegULXPtdonHtU0XGOR0So3QEcBbKhgU5QzX30QtbqesLTAf/jhM8Ota6JeccHEiE Kn/k4r178BhTKIvLKw0UrN1b0Lwxo3iySYzvM263uVWIj+a7gBO9eCJ+Bm74U4vFi89aMkBZiS50 sXdgGXmdGJTEGc09MsgGgyp/fhXus228UtdKBwkIf9ntvex0Z5GKDWH4IQXRcnvrKkEguzB8C/05 f8UaDg+KiHkDAOUjsf9byodAoRlrwGSZ9/lVFYK/jX6CDH65PQwy6x1nn/xtnCBVFQZ8CTzrBwhG amEJx33hB8HDeV0XTJnBLwEgYOsFrtFLTaISawY6w6IKIeZ4Frw1AScU4h90yEbMwISDRy5swtRG gas0fN6cUJDbWxjpF5xf4rgOVv9GF8ygMIPa4sZdt0oxSPuaOR4a0q9Qqd84nRx0HreYCVqAxrNB LSvOUlyND/tCN0dAOATzjYQVQyd5GyzYAW9ZQIX3xFKrqwFXRPjPFj8T5rqrIMCvNUZHgftsppP+ 2imsNXVxuw0W9mbQdCO40LNnOeiwk9hWsuRIZBPlE7ocFXokhEJu5nZ0M0QskfgskRNCLBkQRlF7 +tACnfnLMCvEOBZQ+uDjVnnKUfxrDlOLILkTDd/49o8CW+kDSHnwH34PA8faQKN2KxK+yHXI1sXu sVS9i8c/NEUSsgrBUSQ4NQqmwjATvAIkDlUfdwE20T0nfxINjY21pWDgvjLL1SjiwaJuR+yMs4IY YvCThlYNHtwti3YGC4dQaG4cNteGg1rI4sTHD6cOasPiLdjZRD3rP1cW3WIY8IBmBQCVHAGKr5mw S8+IBmSEoXy5iLVoHSSF0WXoUJPIBHlQobMkDXj+DVAfNQu1PGcsFGP+Ozd7E/Ip/PxsMBL+Zs/Z PC38DR4XPfxZJ9sWhkk0/9fk4P66WDjyCBYXzjcEWUgGjYw8WmLWtq3riLCEqc1u8epleZj5IQZG PsymGqr4LISMMswGxC6VHBT39io+9e67j2J0J0E7ynz0C2iDwApgpPhoLQwM5/QmZKh/NVJAan9Q EFaAUGfOCXgtUJ7vvsN3ISJWYy10I1Zof0cL7ud7tbecg8V49P6UZMEVOLjt+xDtKxq+Cos21+h8 xgN/a128oSZV292+O8NXdCs5UPtv/FgEdQ4780qLVgg7UAhzAnjuw1utDMZj5oH5vX4JHFrIdv8f OV4EdFy/kPxXU6YezWhPDUsSdBkyaG6MTmdJDInw9jCCPU/wRQiJTvRjjrGJiTG4NY1+EMfcs6dq ev8fJv92QnWTsz8dMAhZRVdfFM+5SM5AX6f89Honao/EOHBk/0AE6JqsUaXGL/Tp2tJRs2Mj8agD ZiAbOJkyzT17UpkJV2jr3z1UyUCnGbx0DiyEV8JCRcfNSlbOLPyY5ICAhjltE1ktEPs1uypSWWKB t1edrtTOzg9h9C7G6HAytavuHwRIcS6YzlAoHl4JHLz9fnNlxAwPVsZGBQFjwVmj+2vQCQI0MgB2 BzXszGrBagHAD1OTblvEFSB+LHUgxH8XbZQru7kx9/GNSAWFyW9U6Pp8Dj0gHF4Hg+Q36xoj11Lb i04GxmgPNbMErtopdbVbrI0Y66Bddol+66FqBeUN90EjxwTEODp2s9sRJhx/42iswC9sbO12g/8B D5TvKf/VoVM1M1N0SUOAePEt3FtjdQ1F4NAOOgh+JlfY/oJIATtMHHLlBVfdQvQNotiB+6AfshlC OmOXXreBfYH9VnlHV1NZ9FJbU4j/ZjvhVDvw3Vc/oSkaCHIKaGrpMvzU6rAAMhQ/RNVJk7tEN0rU JZwTP8SedGgOalUuYGggA/hsgWA8FV+7g/sDBuGENp7nLOBRRGJ/fdgMPVByz2SzamQyfM3324yj 56OQBJTDud4bPMAhpMw1DBAMf4k2AJ5+Fp8PtgiKiSBiIx6LFW0CiAiL7dWiQH829jl1DBvBRP/t 7XyIvygWIVuJXfw73n9moUI02tjGKzAXNPjJjlvAd/zUJDpJ/zeL9FYI16pcLRkEA8auxO4YmYsH HjvYT3HbkoNvEytV/ANWSwNJKyXa/q7WygmKGYgYQEF790cyXWBrK1sB8otfBJei0TlPdHWvmQ+O VPp2iHR2fE0MUIB+LNRoY+S0SOz6TDMYbF9hXv1bzAhwm9mI03041sRdavsLjY1fAU/4jR7/Lbx1 XTWzFYVQz34TBESWHBcqr5QQF9nMSV2oETeff+25En0jvhHPvhkUMIC6GBZAWXzt6w63GjXpFDFi t8h8civ8/+6NUQM70H1lO899YTvBV09cBr+1Nti7IUgST9j4O8J+Q7XiTfw7x34/K8EM/wd8Nktt sdEvFgPOO9d9rAGPFdEQfFMRQkGB+v5S6R5I9Vr3EDc2O1vmwpfLi/s7fQyMMYmLNnUSbUJfaBQR aBAUWAi4QC1WwIPEBk11tT7jVuoAykkAA/qA12CwByhwKOxtHbUo0Y+ae1fOD8KuRBOkU00VUVY6 f3sr0fSTBfBQ68jOdgWLzokDSn1zIl0BTfSIX6Y3wrlfojwlCCaIPQiB31ooyvDqgX30ALDZRqJb cHcYo1NQ2ex7o1wY2RdLy3WxDu1qY5IJeV+U9kZDH7DMIsf3xh+5U+WJMoxo7vFgMoDMfCOxFc62 v2TOzz8IxnMAb4sDHSDQHwwsg2xb72j6RGCe+A4MFiqVhSQEvEWfLSsoO/vkA1vr2Lbbb/1HZItP YDF2VfxwNmyjWhTbVXCEl0Dc7ioHTWgX8XMoTkRz1FL9L9wUPohUBeA4HD6CRj8M6y7dcug/DDHU g0Vwgmmg8ET/TWwIViwPNybbyWBfCWSO6whLHGBrtYHusoN0geE7GOs0AXzQDmASMBj01FplWZYt AVNvZnSWZVmWd2FyZVxNWZZlWWljcm9zAJaTZW9mXFdZlmXZ+0FCXFdBZVmWZUI0XFdhlmVZlmIg RmlsZVCWZVkgTmFtOEjBRi/9lnVRAblFrtqdzP6nodduz8zHAhmQzEADFgyZFdD2eq0iXxjQNxvg 5ScfnMz+PuZZW8cFiNV7CPewABqjDe/A/ScQg34gKA+Calkryf84RreeaKssID2uESIGLIN3g1JC FchACSrx335r6BN9BzLAiOHrHo1EMS1qDw34kjSF8Ako5aN2lYCK/Xe5AI4R2LZgR58KCaDNNrPx /0JbilXxPHB1EoD6bF+rCGj8tr9Zoopd8jx0dRoPeC5YAlT+f5sOYnVHOtp1Q+tSPGh1Bfd/ay/r eDxhIQhzdReA+3B0ajxzDbdPlrcbIYD7XGR1Ew1idP3Gu+dOPGRiN/t4dEA1PHdfdRHGhtu8HmF1 DHUHnyjrnCzgQ6njGn5pBPYW+Dlk+hl9LA0bylvv4v1HweEUoQo4CcHgFO1zSCz8DRU5TiB3M+sL rwh8mSidbUuIxnS1OnWqe2MdnxBomLwOAnUJj1+gEmNw6lyeZVdO2Fywi+87/qk+EnPADOXcTlk5 NeUpuIOWix2EhuSj37OFV3DTCY29BVBP1QWzFj+APDhc+Rk8OxBnDhVdEXgYyXKMk2hAa6T9Vn22 lSr7kvwVUHUjAJGn4DXZMOBYMbt6dQMjT+sRH86Kj5gka6zXvdDnZttwPDsbCNEAdK7MMLJ8EQnS nA9avlE22cVQvlRQt4h9ySsT9qXMIGoNu8CESyiJDEgiQdhRdlZCqUpDSCdY4RextdRQLVl5Gfj4 oLG8HE5bdcoDThlGm7QYrw2maZpeZ+VMb2OCpmmaYWwgU2WWZVmW8HR0aW5nLFtBWXOSVGUsm+W2 bUbTcNTVctZsm23X1wfYeUrZ2kk629d1XdfcRt0v3hvfD+AL0zRdXeET4kzj5OWoHXRN5udi6ES+ hGsTsmXqNkw5GBId5oPD3eGAsHx7RrYcAC80TGYkA3IZxFRMTNAowSTXRdgLO+xGgexQMdcgDOGR bBrQagWIFkvkTOpA9lSpvREOKQYEar4GNrCIs6z8JRGN9yQiFoqdDcd8J02e/YgP/GkPe7Zjg8YO Q1ne/C0e0CJQNys46MJO2aRW51o7Wf7V+2vED6YFWn68pm92u5AVKD/0BERFRbD/BbF+2F8aaKhh UevooYQsnxTP0nU/wgQU/AHDM/r/C7XJ3bzRXvbCAXQK0eqB8iCDuBa72BZNAglOCxSI+A7w/cD5 5Hzbo0FeY7W6gq+BC2+Ic9EZwVKKBNAIf6ELdXIUu/fQa4oWM9CB4gr/7QO1wehdFJEzwkZPdepi OoEg0BvlnTy41VEkOrz8xQYLoqO3N4Fm0ekIBQvBzWZXcOzfnvDGB2aJAXIK3AcKst1s9PDUB2zw g8DEMgTDyDXe8i/kJ2VC7Qtw4N1WAEZqQi4g4zIq1PVrO7v/6x0rdKte3xf8VPj7ffjP0WyAsxfQ jnkZUyWsYbB71zzKUTz1LqMnMXxzoL+hLxZedCMd7VfOrbEGZFbTqviP22lrqv2mxgf1ICQCPSrL IEAMhKmWZ7kmffTR/sn9DgKFoB4IEGouBFkO2QuIFtib+LZEvMckUEsDBATCUG4z3Q0rvAoABY7B vgOtsGuakMCSL0cTdCXruoVy9xaUCsQHlhe2LJjtbrwgCTDGAp8bjdGYFtNlRcpFnG2RaGsLBxAU Dc4h6LqyEKA60gOkseYrXQ8eUKVAeNRrzp22pgKyih48MAUoxAwVvw1UHBzFW8seZohbzLPwLJ8f O4eEhEemYo/GMVq7DTFiM2kZ0KX4OU62MLPAwCMrGEzVsuh8LTI8z4bLwh2IAQISjBSsCnMBbAiu U5nusrXGZkU12AUGL6HtNoLcqS4H3itYXU6257PgAeIB7Gvk2IjRmxWSqAQhiDxndD8qxl6nLDjF OjNNAUCvmmWIULxHRYlLxRJj2PG7CJ1sBV2Axzvdxf+TyaIfCAd3P/8kldlb5++GTfroJkQ2aNgG L2jI5+fn5yhouCFopBpolBNocBWz5ucMaFgFaEhXeZdFvGMQaEQRkAN2qUs86i4RSjZoPD2MfXZy LCAraGgYB41W8awQkAaBw6Y7mHQvWVMc20vQKJniBQFhjhRvFaRdGAF+JN23gpFa3jvKdAgkQaJN 1jX0A1mUBUA32X+EJwOF0olV/H4aGRoXD38D/oDCYYgUN638fObGhB5HQLNJFNy+kKRVtJ8g3w2T VhyNcAoahB2hbCCLSh23elqmaZrOFwOIj5ad4E1kmqSrpldoDCc0SNVtyn4ERxhrW8eXfSTSWn1I Eo2eq8oX8MYzGDx9ALYEAlJjdXwmSohTpobbUOYWMG8JgcaI4SXDDQgf2YZITb9aCH1AH4QX/gz/ i9qDwyHbfh0e2/t/r5Q+Wkc7+3zjgKQ3C3lbhr/hbzVqLUdYuaApg8EIA/iLAXX/xvuQ9Zn3/yDM R1kD+Tv6fd5B90YwDMWoKkAS7oM8xX0BaPQ2IBT/NMWk6YLEzAu9H1oynJCDpPgyABnmMyCX+Py+ iHiFCZNXRiFtJxSHNwNoBCc78RBWDx8JJVB8EIUQbtrtHrsjIBHND3wHDSQRH1lDjPjN2DYFfVFy w5mMV30PXfqDx0qdTPb/fiwsGxp5sYeXN3UzCAMg6wpslAzd3sIbj/d81GweC2jrdreRjZVjArNO YGpQHcnJhUYtMBnw/mTkZeEgLUbxO/I4Nw/hBTaINBmDCAOej4QkECh8FhbsLuE19yQWEhV8DYYM QZgcGxiYQZsE6wjFQZCgIbAg7dBf5C7idCEZQiaTWQS2r3TBxA5lrVYXrZ4m0GSWVkeGBRXO+P22 a8OzFoQrRBtoFNDQO/U6vPBhsR1bNnLDnwOrBWQzZmpVs7FO3wmqWd8HY0nXsB5oMMYG3QwShQHn yBCApqh/JJzOBQapIEt9B8aGa7+ffyABgL6oU1e7rHUkMGhgYz/H54hTM1+I7TazfepPJvVSOXn0 QKqv0DtwEOHaFGc2QwPVCVzl8D2ws4W9K+8RU1gLmh3eKiwW+8LsbDYU+lkZGlAzB21tPHD7VKys 1FzmhwL4epNnCjKpBrR7cgWp6tJX2lH3DCLkgt9/UURGmnrnPRIeMNe8RJzJVwV7IX4YRtS0UIt+ eANzOQbH4EQnl0AnWTwncMCGHTgnRUCZuVtxggzsHq0W6GQwA/hocP+zM4TdVHXtewQbsW/LB8wr GQIPaDQnJmxw4GsudiNf3iIG+xmsFSgNaCQOIDgh2MCUCPxQBzvQS4RH4oIQD4XChBmPINeEL0M4 rFdiMlSmDEdgmFH+XJHeEWzKAglzUEh+JONBGDLw/cZmB15eE5YmU6DJaMuX8zxokFjSncxQaBFH QRpj/q9X6tcKNEYzT9pTuqIBOCuqxwQ4iL47uqYzlJ6wBuogfehJxyeJA+yBO699DmpDhbPfqnYe 6w5QsMMWjBMRB4LWAG7iJWyAJgAeVLf/AvBmf2De6ER0OUhIdC0IDnSBsEC0HATQtB/qAp/BCs8w 6yUnBFEh9OmTL8OBwaDr7zCt+f1tJjGIFoBmAR8IAs9knevl7Wl0HQR0dBB3dV7cMSI4AreCx9f/ sYiuV9XYkct7/kJSEb8y2Yv96SPHUAwHJt56SMNtJ2hM4VYYX09QCfpvU9Fn64XgEv8gigNDPHx0 Hvd0GuL8pZz7FjxcdRwSCmsPiAH/B4D/YLtUfNuLBiCTXcM8e/abymz5i72L00aKAkIq9rHupQAM dOI4CQ116+vVJfQGbaNNQVJ/i9FJHdxK1GgO52R10hfOO/vA4Ebryz/J6yduoUBt+bCbCOsZOgeL 8faUMnXbdDcFAUpHf9Ucd53Z0fVEVBvD6QpJPCSlXRdtklALD0mAIfsJ/kSpNz5vU0L/N8eGKYod AQcoM9F3QGhHFPdbuAvZe6Q5iVJ4TjwgcpGjNzZ+PXQ9PCsDPGM1PH8zgC2gcTyAC0EpZLJu0RAC DkZbPNd9IdqnfsYEBg0GRgeWePdECnSyDF+AJAZYY5CDpGkKoApBkgGZqKAI22mih1ukWlAYIWow uGMbrl5QgOMFOETqEL5YBAtQob6VfbzzpeJppIBupf6KTA28X4gK/g9wAen+919zweEEwe4EC84X iEoBikgBGAI+W5ZlDwIGXhkCikAMBrffFeA/ikQFDEIDvRgisRXOeOsFDCzFZAOBVy5wDYJFg+h4 uYivwgQoYOwBKhUX/n3wYT2yAAtxciZQV1/orTYCXOhcOSmTIRbAmZ81i0ZCSvD/vv4DioQFK4hE NfN1u41VQXpnqguOVpeOObi4BwbOS2rXMBSQAfQWWmjUfQk5lwMYEeZ2T94NBH0NDUMECkMM61uL 1vg1+IgMTmVLnUyhiLnYcg0dqCA2hhBdewRynuBtV58Bu/ApRFav53QqiJ9tg3ajcwTdPQgC+j2X ujUEQnUfPAMTBKVWiYZzDOETf6WqQjlqtMFcdzf63ouct7TAjZ+00GVj5SDmm1AFu6FnjHEPUg/Y KFAExalAZrga7Oi2eG1Mh1/TrBRWX2+nDVUtDKoo/7dVaLtWqrGgFtWVG8CBxxGwBxqIbJAWmo3t JkccaIgV1xhDswbJoPIWfLYtrEQQM09fJxv3gI4imllP7fxtuijleIu422jwKTVVswOSsVnTore9 zSRXBfK4mB1Bs++9ahpUVwrJRq/7QVUUgIwiUlxfcEFMuVLcX3wFuVFj0bmEI1YFNFHmJut2Rmj4 q1dWGFANBRzgYbRpMwlIyPdSFSvk8w50gxH4wMNTSEW54aJ9nxoBrwF+CEUHD4wKwmgkd8CKG9NA +I+JnQ//8dSyscpGmkZ9Bom1Wgk5eBveCftzoQ1u+H1E+Im9RPpC7DtzwB9eWQxBC4N8kt0KS/VN w421T/SoxLer3V51c4uxvwE/Rbj34AItbQWfI2EjaK0HDBMMQHe7wUn1FVAP9CKIGE4//GYnV74K zliRLSc4nSeJI9Tq/HDr/dY5XY7EF2w3CZDoWOsYohKUwCY8IXJBwwoZMbgANJQ4R7F+clbYghbn CFEpDibCC9jFEDg9mTokUW6hvb+rBewHMkUhYqbH3i586j1kFJxGASdV9AjawYDSfiUTjYLI1iQO WDJ4CVeDFDNJAgp0CgANwKVYA8PTl/8cQHPSFFSWg8j/66wiFaX3jsJbiwvV4AmZdj8wRRs5pGJX xgcwHyJa1YCa9qDLbPxCP8A78FciY+pHlpFtCAhaDFEQD9+g+82OSIoGPA10DI4IdXQEPAnmaokS EzDrQiYrESPMKv40JZoObmJGMj48OpANCtoG9WYqAgQXPQ84QA30JYk4hA3/8BB8ItrOJknOiBA+ gfmNjf1fMXK+6wFOgKQSAF3MuVAHwhVUQQD/mKG16NN+SqkPBTFXuw4kODEyRw27e5U4OnVhHvAj xWSmRg/cEUDsip65RtLKAUZ00k+JpnNNWBbBuWFdQh/Lwh8KQjvXfOp1DAIoQrr213UdC+M3Pgp1 8QUMKl1qo+gJCDANrusLGmJjriALHAcGNQ0c0RZUVoVDNFAPI+rGTo0K4Q020g0AjpI1Y/2FarkN dYTzRwSLwooK6x+kKNQtPAcXODx1FPysbXwSPh+IoxXxgCIADIGBINtGPgxi4was8HQyexAkhGko 0FERLAYxaxhzFUTEr+kIgkS/QOszbqnGSlKyipQgqb7RW/n6CXUTQQc5fxKD0o0EgCb8v5fURELQ HjB96YA5LXUZaR3Z1KP6VFq0f7aABkF6m0i9vOjULHJTOUJQFjBd3Cqgut9s5FuFVhtDXTEn/LPm kkOMEC4b6j0BZifdio0Fk9AVjnlJBzEAXIAfEuVgjEBTlvT9I3JVh2q/5WKyrgfYg/vk/C2LgshS 56fWU1FAX8cPFpIBBDB1+MN5Yc0Cb4C+eFk7xllalz3dbKsTz0iM42a/Bet23yBOMYi8aHwEVzfb bPPNxDR8Bz0rfi8rJnh5tpE8bFo8K8FFk/CPMT671RpgzbeBDmQ2VFM0bq1Ocwe/jTb6AJLnO0Qx MUw8ss+cPdUALM0lNCCxke5Z4bUAho+qIgsGHltePTSMaouqZePj0OsN1huaDULJaG+Z++f4dewI 7EdR6N0GQhHr7jvCAQCDByxEEQ8Bj9OboXKQzwUTKwZ+0YnIEGd+RgJJ3nVF3qAqBWgsKt8RDtj8 apl8H3d9GNokYGvWPogTDh73WeCM6ISv/KrGlDiHUUKRJP7ThYdP6bjkdlCD2Coj32dDwNyusCpo qFKgLUyaYxdc/5g1JBfQggbpn9YBsYCzM1fZHgdjSMlKYfD3QYzYhwcQEF7WOPi2yETfVx/RJtiZ rBWSSvyz5yN+vEh6ggAU3CjRZAF77HIB3+zp0txXnzjwvAKPen3nPhyIvrlUnFtQ4HQrahktcgTZ DtzhsrlUmKreqfhd/bFWuO0HIPSwnUtEwx6jAO/0dRi6cgCOysqHVRsWgCtI/+8xXtJdJ1sPlPYU AyohcFsNDEtW7D1FkJMD6VHQDOzmAvk87Pzs/AU0bR5qX7uEQFfV7F0oTIzWnDp7CHPJyJPw8HQk 7AzE/yVL7ux0RIsbhdt1xyHUjkML3x26SoPo40DdvqpCSHQ4Ai5I2wQFi3Rm+Gn+cqMf0IcP0+sl fmNzQxiy710m69do7AbQJtaARf41sQgAdFiNp2TAAMg3nC/33rl4fA8vd2KvgKVQN04to7skYI9Z FV3iB56O50Az149okXRg9zfn8UGIjAX8nUA993MRADZffBgkrhdXoB7Vpo4ZrKmJbUeBWSCoxJYT JAwgCQHvLDNYWZG7dPaC23ZCIYp5+xHYXHQVBGzxvcUvGMaEBSJcBQVPs88BQ69cOIsIG8hgkSsN AH9QMpjAzWmrlsFIXL9rkFa54kHiK5LZqw4xVsKXIRhWzYAbm8gPhpUBO2Nj5CafGSw3AjHAQA+A j45fEQAOdJreH+B3qkYxRmZYQmCHSarBFY4XXarzNFdVifN1zhK+51I2izXWTdbNgk1GwK1Tm7Nl EKXsaRrT8ZEB6/h0WgLAwnnChr5TUR2N+MqSSZru6yihU/gI5OVsWBehXdY5XYLLJlXPmljahF0k lJVkZ7+aheYq5TC7FwZDkQi2zb2o86tOqFeqDZmQAAAvOvalV5gje0A4nAUt9jszSEchJDanFDyz Pc0PqIglqVkgx4Z0IBgNMBgjgxB5rCUxAqgPIMggwHxEcAjBdQ8WO3c2+9coY9djeFlX9TVQPMDD ik39ECu2akQNQ4AL+l5WW/yowC1RC9e4goFiLXIQDhciUaFV3WY6J1NmFkoNAyVkTB/D8LKgk2jg J2ogJ0jWBWMAXX7cor8AsNJfi8/38bhzET0ND0sALLjgWoR62vy3nCM8WSEFcwdogOvcXRPerFw4 rlBzC1iEuws5aHQsJSAaZ1fyeTxzJiQnMjVwiZH8JiXcJWlw3AA3G1RzBmA1e/bYdQRn3mhoOywJ 0BmbzJEeLtc2fFCB+sIKf1ImJ+Oc8IR9KQyDQXIqCzI+ydmTHnIXEhQKD4OoGrpmKD/GR+lDHB5C 3txZigI4aNgrPHITt912SnNlQtAw60E/BwN7eCU3SGiY9/c2BDhjO7ts60FZPyWUWPJSnMBskDMY AzQEAnap3GhIR1dLUAMlIgw7AxiVu0XAviQlWBEwpGoZ1QUD+f0wKzgrOM0lHH2A/P4EqM5EYHi5 TQ5fn1TCBbL/Jfh7JQBFYYYAsgAniiIsA4gSpmma5lAAhIB8eHSapmmacGxoZGBcaZqmaVhUUExI nfuZpkRAAAgVBwP4mqZplhTs5NzUzGmapmnEvLSspKZpmqaclIyEfJqmaZp0bGRcVExpmqZpRDgw KCCmoGGmGAAEmmV3uhATCAP4E/DoaZqmaeDc2NDIpmmapsC8uLCs2KZpmqSglIyEE180TWe2lxMD bGRYmqY721ATq0A7ODAof5CmaSAYDAwb0UFCQXl22W0ARQO+vvlBAAFB8v/uKoEET177T0H1SIxg +UAN+////xUpKDJhMTMuJjMgLGEiIC8vLjVhIyRhMzQvYSgCBWD/fwUOEmEsLiUkb0xMS2VBAPsn 5O0RBBMNQEKhQU5ASkBGzOvek2ZhUTEmLAMx3ZBv9gUXQ/c8RexsFuzBMx4MUQf2t+wNBgBPRUBB AJuET0UUERlxqFHEI91kI8qhJ3BhnVzZYP9bJwFzSNlgk9wx/F8nohFEdvIA/v+PpeF1J2BNSENI BO0/dCaUQoJjAvqyNDe3IlZpZ0y+Xuv/u//fAK04MwuAA3oTOKrhTr4ARgrsH5Aq2QfAQf/9//+M x+8BuMujaHvf/vvVSnZXEgYkrU/rI6ix/MwZ5////w7sPu8L2mAakZPKZ9qyludSSfAro1COZjVg 5f/////qQXhcz6nUC63MlgdrUq0SUEKZRIi9RKl5tsjTviOi9P7//z9A92FvV9Qv24xMD3mcoDQO IV2wmiokMy8kLf//hQDYJS0ttrr+Ps5jZDJjRmRveWvr7vY5b2QitIZWNzhvLWY7Vf/7/38iKDUk QTnlK5YX9oapmjFhZa+PVvyA7k49tLv9//9rh8YGUgdx6UDUB7yZ2cEo7rYFyvAaHf+WI/////8d yGNQ0SrSMNm8zwI452BJ9QgjZF+3AfIBgRAbH2f////P64b3qBxRbpcSVQVDwKfgmYm6kqanjKBg l0Z2//9f/oLGTJS1rFW3vhsERKii6Lnirr2YQ8bLDWvMA///w/94u77AtzDGYyDcTixNeaS8Bav/ 5eiOnwohCv+f///6tzH9/v+HP9ppu2bgq8RxrpVEXMlFeJGVmKSP/P//2JqnuT3jXiQX7YUFY2i1 1r5rAuZi1Xjh0vP///+9ghgaJNONTc48ta6+kBzFxA4/6S6hp22/VQJA/////+LgUEkPwz8StnSz e/z6k5Zr0JLHqkZNUFdESE9VRUr/////UY91nL5WR0tOVEFAQ0JCRUNARFAvxJpEREdGNm5AJDX/ ////H5q3t6AILzUsNQZDAi4vSSJPJb6s/qASNSAMFMwtZc3/v/3/wK19RHYSFxYrYRhygfcZscz8 +bx7cpqy6ofEdLf///+/SEBHdrg+GjlyD8FkQcqHEmqGEczFfHlulv4Rt//W/8oEPb4xRb5UxVFG eoLIBC1Oz/+BuXoG////mBuavL89lMzEeXkRKdNQY2m60GzZUG5lOP9/+//LzUQdtp6ev8G4HTW6 bjVOh8VEYx3J3UR4Rpr/////Pzo2ynxhaCskKzlCvpbCgUIjJUYhrPI+ygwlTu6JEAz/////KRlQ YBOML/uYzHxMNcKFWWO3qPv+mytDEitCKf+BWl0S/7f/ub7s+pz+uClOjso8PcgcJf9BS6pQ/9/g /xwxrqQ+uj9lyhSlMcKjPszNTHm6y9VU4P///7G2tze6cVC+BDFDJXhEPZ3MYRIQESN6Kvceuv// /9/bKRhZElEXUJ6ZQiA2WT7nTsGPYUSWXKDIHkUoef///2/4gVMtJ/E2KXQ3DEe+8p5axKl47MwE +UlZhVVW6f+3+K1crSsdF1tlST5OvCYpmo2waRcjv/3/f3sNRNVO3K3s4Fo6Aa1RPagHGBLyQu1B 7FVJ/////+U9Vks+RJ/n5T8QnEEtemCYn/aHSjE3RMpHpy2CGmrZX/j//1G4ZVpOzZYV93yYcV3W QjwtXuXMl7aiTXq3/////+7luBjinUz4HenVQdfKdHmTscOwl2t5ohHHLnkglE170P///zxRK1AY dIMvyrwEFYYEUQXCRhGYK0DBLIzs////v01MW33AJ5EBJZg/8nohxIE1VCu+vRUljCU9LBkpTL/B //+X2S0eor6Evx8awoQ1iIKqzKpLyq3CrW3//1v7Bq03aAeP0Vl1UdPWWr4gcUqRepLIFLkM/v+X /oZAFsq+roeoc4GpUHEWTRZJFBjCDLW+wiSO3+A3zQr2vfp+rMUEDkVhzv9v/P/MvSVJykWAegNN NQ1yk6g/UMo0uXhF1zVEA/////+XP6ovDj2yQnRgtcSTPUxWasSsgr41sEV6NZBFN2AEWv/////X ixhMMdJsCj9JTU5HEpf/+BfxKxhDekY92Ed/uS71tv3///+BPVcsJo65yEXYAsK6USzlHBr0Kq3R tUGTqH6Zjjz/v/0vMxDCwUJOzMJP6WYA9pwsujwqygZ7DA9931j4/4krejnpEXJybtbQgQwYAcxC topV/////zd4FtVfTXhxP1FRLqwumsF2Tai2cHqXPEZXz33ZAvL0//+/8LM+7TyGnz3PvkfbMvaW PEV3MnK3GCoUaVsr/9/+/0n/VFddd7eVsgK1zFVxLSFWXDxOylDCgEXIFcT/rf//mXysq3M0fi1A lVpSTBhIKydvWajfScl2Al3o////wodGerI9Z+Bs+fUxmrlghW2CsC4n9zhTfBgY+AX+Xw+xxH4D tGUSyhxJF/XKcRetz9/4/xdFjL4yTUlTWcq5ysS+ParnXzp2yg//////ywW4RWIywEpaGtHsQEUy 4ECok+y6nHdO91tshknF+0T/////CUdNJy/e6jV9SMTzqZ1/Ie/ik52FA2FOw863gh4mVhH///// JlLLGCCMqjzYKp45IBsYeFfJvT8VquxHoL4+GAjKi4D/////oELMfVF6fzxSyj9FAY6xXz8geHhJ yD3EnXmnDg+Dcsb/////eZ0ydL1GoK/yfktHPe+YqlESRkODqlKeWcUeSUSrahc3/v+l4R3EtyoS qp41ZGdGocoHoCyZs3X/Rv//Hgl5Fy1PKR/WX3VxIz9hqbt2cpxyS2LR/wv//1BN9JosE834xgFN RzRFlZkZ7CyoyokwQFQv/////zT37Fye2XE1TwNLwrsCq18fRqhJrl6BAaq5/3UWx0gC/sb/S40x TmpJWK5L0VMfoOu8yDyxKUvSv/03hTSt1t1H8ux+VhdPBK/D2Qy0v8H/0lH1YPMsTr3E1eLKe2It +DJA//+3C84WRuW4uE2Zmj1ZT8oIT5hFwt28OVz/////TqpTbjJ8Uv+/MWxhKSVQxr0ss1hYxRq9 jY00vRyDpw//L/X/M1BSUHe4kfHIgmpjKtkfHvvwlMPHs0h58L/A/9k1Cf+VdAQyMbYwiX2RFhc8 +cyt////v4Tea1XAeS4/WplKes9mKyV+trAFHjJL5Eqs4HHVnfT///8IQ0WigvfoyhpjJWVnFEo9 Zaex8J9xmc9LKdl7///Lv0FhvnaevvbORnKs1sKKvnhpGD9+epw9YTr//4X/DfqFuuyx/w2Z/1J5 //aBL5301izYLLgbPVX/S/z/cGC+dbE3ILpg5DRDyp9Llz2AElztgDcy/7/B/wQY5WeZFomvjNyR TrSxerTCqUIQKV15wHip9P+/4KP3bP2d/OnCvwF6R0k/Qv///5dNd/mc48VlvgVCwrjhT0st/p1V ETwRH3qxPy//G/z/sZIlXj92+j9kGEvSXVTqVq67Pgo8QAcEv9H//3qvPZoC7UYphUhsHJ+dHl/D fLcwUIGVQP+F//9NfH4Nhs4+USnRHkCifS+9KdrEnCGrbq/CeP/W//9tNUvbzV2T7kcrrxhJjUVN iUlAdEW9JtGn1vr//1u3P2C6VBBzPttRvcHlRLwvB1/bbAQBee3f+Leul5Zw0YBMKW7Jk8IvN1ci zv//L/TOKVNdN0n0SXFjutjF7HH3aVRRwIOxY1P/////XCz3ExcE3pUXc4Sp2SjCkAFAGK9mfPsc gb8VnhKHBIX/////Qhxv1oqELocnhjWJNoggiqQz+FaLM4okjR2MDI8slm3/////1iiOIpGQbpMy dorvKNuSlZSXZpYWmRzynXeYL16bJZrAC///nQ6cjDOaNGqfXp4CAqE0oEkcljXd//+/XqVqpH6n F06mqvvvKqlWqG6rBqp+rV6aRKz///8LJROusS/JHLD3tdssknS0b7e2N9+5uNnn9yr/0l/ou1K6 NcoFlnu/bXoEgf5HTxG/S////65uS1xEkFnBOcKDAE8yWFVANG6nLEQ6iAUR2/+/wU9j7djsgDTm gVlBSUkxooqB4Cckhbr/9rQpAeepj5aGEyQmKDQKMm63///tM4GwBy+SSrOyN5EoIiQMJtvnETMu bb2h/7/9/zZ3N368MjsN+AypxsCIsU8JbIFtIVcbkcapVRL//3/rXeSIfqZxGYFsLLS8NEgBH8CF YIIiRva/bjH/////uiufHJ0AyEeOAR6qO5gBzaDieFYDyABRgYY3hjxWaEX+Rv//TF9KTQ3KXEUL XrzewidJQU/5oV45uob/v/G3KjGSymztqlk3VdoMKw5KKbtaPGN3/xJ/4x6hqvZqK/JDowd0lH2X 9FqFFtv/Bv8RSXLtjzT+KXAiXDE+BOmIrOwAzFv8//ZuTY4R4nddU0MO974UFMgvWcjlYf9/iYVg DMPyJ54rsD9ZM1z5/vKotyH/////7ONazAZOJll6vUePXDpJM0uVBshKBnf68Zr3P8ggXST//y/9 UXKtBhRJSQz2YRRdZV2GTRGCca3Q7KBkUef9////5T5IFpuBxPGxqsQuFC+Zl5gZ+mk0VuWD4VbB w9ubf4H/L0tRtkYayrp1AiU+kJ8REYZTCwJJ/4UL/RFsrfMuwdRFNDgUbXytPaBxRrzQ//9EEilR WL/c7GCcXnn90d9x8/Rl+0DxLX2DC4tLgBVUu1uDB4j///8LNhLLmcu6PbC3/gCCyrvKkIChUSdI gKhD4MLb////4IRN/7LrHhqAHOT0nb4YpcI/TUE0s4YHTQOUmhJf+v9T7HchpyFTggo+Qm97rI6C Egs4FCr0/6sPMYT3vFzRBnq4JGf/F/pb+B+OSUIHguzRFWA3OjHI4jRE/////5V5B0lii9SbqWqJ CoLua+72UwbzyB/0Dqp4/uYGh063/////3qOP0cKnoCiQhKakdkqvgOOyBdFNfPKigF0ATKggfQY 39rq/4Mm5IkqlYQsUGE/PMoMwFr7Ff////96SgE1eoM9CNkR0TmJvh/o+VOcNtoRVRiEesqGtpGH cv//N/jm/+y1eMc8Z1N2UWY9yl4seeJwRyh9gCb8W3yrKgxPF4tH71IYRvLYFxT///8vlAa2ehbn c0YJFgh6gDVQcuL0LEpKiwKDNngtvIn/v/EXHyuDH0XM8+rqvk8eC2EKrAkGx/9/q3+64fqRQ3m/ ufhm6tf8xypQOzl1OxA5of///61pEPVVRhgLtQis6y2xNGC4qcCk56JeiBwH//+/VVw1Q7aUBPW4 9izIyN6G/g10NJDCZ0Hj32ijK6RZIhy01UCqR5CK/7/9fzZdDDSvEWpccLcKPa2EV7aTcIeBRQg0 tTua/y/Q4q9brXtpHMwvRV+EYaj0C0L6b///zXoNupivNRx6vN9ZI5JoH0nH+jpZNK43Vn+jErcL H/rvhGwgWa18vhf6t/pqGSzu0J8eWV0OofR+f0UP/////zSabTvDaRJKw4VHmhJ4KKLzIXoBck0q uTQDRiB6MeY0/8b//994X1+sw1esEBbo2Uo8meX327naTWeL5fSb//+/9JyV28oNVMgNoM+LZQ7l mb1e9jv30Jm5JVmC/v+l/5tfPZFnXJ3wHpDYFojQ5ydlImWdv5heCF/U4P/fBZE1DBbOvUO96ndy iB7IvWb63+Avrsngdht1X/krzKEAf2Uaki////8XBD2mj17UnVEhc3OdSQKxl3oCSmRV5sI8RBg+ 2/9C/0as87UL8sXDKXhNEloRyT+WdtDN/////y6FI8VGcC2Ap0MXwMMOfMz9R/5XH6RCYywkypIy bBQxv8WN/tGhmng0CCA1SSptuB7DWf+g1NvbHbe9iT9PRNJT9dsb/f/fprdCW1hJgx2qP+KaFKMV kdwViRVHQv9/62zIARes24pJek5bYpYvzJ9Bif/03+r/8tAhPd4pJiEJQwg2TT8NIeQCgv///3cu cXoMUZ4pyvGh/2cGSfpUPalgTV0Z3ELTFPUc/8b/W9LA6GH7jjmIiHL3NUdCF8FBJq1r6f8X/ji6 vhw7bVRI011dGDkXFyceVR3DGnnf+v9/Q7kWB3qHnx85aoLXRT9EM7U1Bfw+fgyW/y/0/2RIF9wX 3ZUS9pSu6upR3Dy9N1tUVBkXRv////+TNlRwzdbhDe+q6hImGDH9I8y2VYgARRd3/DVIERBuVdX/ G/xEWWyDWaep2zGwJSfNJoXRFuE3KPC/v+3RvPxRzRfpg8aty0C/8P//xZ2fEYsAqYTJQDOrRDJa eSmGL0tGWmqLyRT/t///4hRLWQ7MjyKvcYcTgVjQZR+8BM0xTeYLJy2uiF/g//+fV1IONItPQqkk 3TsH8BgplMwRFGNK8fT+L/T/QRPs9GNN+YQ48qt223KBeUI1YAHBfUK//f+3Q7hXQoLLCb4x6N47 7U33RoeKIUCj6Fdf4Nv/HE2p0AsSEyL3FI5E4r1hOKyAva7f6C/0gFU/C1m5CvS+U8N7RKl9ry/1 /1v/cz1Lvpz+eqOAcapby19bUsH/v9T/oOket5jYWohaNku2vrhhWABCi3XJTwfJ//+/xKFiHYVO vrtNNPi9F9DZsS0lGYLyEcL+Bf//L/WaVUFCekBiBCaGAVLNHj866oyuR0m/nfv1/wv/2U03FXNR ySxMqin8FurkQUtNYJ97S////y+32aoSsuTj1w+sGsRNBNhTGDwFqYz8xbhP2aRH/1Lf+kQ5NlOa +fStZYhBtdJC5E5g1db/rf53bbCJ2TlDwFSqT9HKpahvoU73/gsX+JlLyz3x1Ca+Z01Mycw+urf9 //+lUkM1aAo1VkNKtpdKzHK2QoeqaWS5Pir/L/RLiJ5yn6pcQ7aSYp68g/qPvGK/wv//20qeSlZO n/Ritkqfz575EMsq18zZr0J8//+t/4CcL/6xGGoMaStFkq/KSZKhRa1CnMHo+oF/g///SrHzQifD cx9A423E6G5MentiwNcZAWK1/f///09HZJ8j6ElZmQrKlxoZooOaV7x5xgs0tx+Igzs0mf///y90 dgFReS1sbvDvFvtRyoBCbZjkLMBuQ36Ao0Kt4////8hTMg6emaMDoSsBBh76XEAPVfsRoeRq6J4z DJL//9+qU1VkVxBxs7TLVVDJVUkAPMkHLtMzs/+NfuvMCLyCa4S3WhdDgjJhx0kiA1r+/1/qrafo QIBbwlK54fGQxPp4HDCi3p43ntf8v9QNng9qv1ULzDUQQpbLRdyR+L/FG51LyUWOijO0RhyeCYB1 l////99BTlH4A57EbPf3eSdHzuteUfwwaqbbvRj6+VL5wf+/1P/8jJEuCTNCKzkY1RA0AvGXRs65 EUpSbiB86///GWPBahXOVUfI9QEvU80qFlQHGhKVekSj+tb/b/FcABLor0RJRna0ovg2oHSG4lYb /2+UK6fgQVwogbzBtha/ArlE/i/9/4LfZ04n4ENagMHEj82JPta5GNmhcoCCHX//9v+tMsCgxOw0 3qvAuERLVyREV7ksPE3p/////wNWRr/oUWRCzp+fR7G+fEVR7TURBzoZND2CEBf/4SMX/43e+rc0 SksYGesds57tWxEJ9h2ee9/iF/hEIxmqTgpfEL55ZumRtplaN/pb/4FCHxj5Ce5KT7V8x9ErfZvG Lvr///+SlsxAXFFQEW5FEXW2z68sWZIfRU7E4+pqcRq6D/8X/jc5emBTzqzGPFHfpFcRbVc0OMpR FsH0t/jt1hxrw3QRBE7RWJ4hJCffp/9f4m8sJ2GnSzYZGRvAW+LtEVpAWf2H7Vv8//9QiRRMZZ84 8VxUN3IW+StpyzwoGr8bg1/4BRb6jXmJW3pjQyupG4AGp////5dVYWhfkCmM5VC0GXuQgw7/I9RR Yh+rG8RJMpD9X/r/lkCQq40sMvURYKsEvXa6rpyvTv6OYUVQ/63+S2VwaoDkfQYnwFGe7OI3PaUJ 2Pv/X/hqB8zDBvIx+p6z+0cSCWt9R0UBnkKKyT6N/v9/LLxJc4gntpiaC/UaK2y0k4McA07edP9f 4P9IO4Cq/9ePR1yE1WwqNfcN1nqFYcqy/CX/////29jl6ZeQd4k5UZKpSreasJzuzNRX5XFcY08U qUvK3EH//8L/bGBc65FNbvEEBg5dqf9PASc0uuMKqzOxVC3/X1jos7cE6v0YNXbMzATUwveK6kSm f4m/9ffIIgnGRZsTpv8xEEGAqykMOf////80qNEna6GdSuskprHuTWHVfm8OXaz3tNSkulFhEB3L lP//b/+4Wgo3wA6nNBMFqEVxVtTumrLRDa48sXO2PK2txP9f4oaHwuEa4FCavLfHSPqgBgRoRv// 37oFrZ6oqfn08CYeSEOtfXCqfJG3J+esrapf4v+lMbFCcw4puF+q7jjZzY01HWouUl/g/zc8c4Gk yQSlwzH/1Vo6nL/L/7/A/1A9bJedl1lNIZxHXqtX7fggRBlhSRylof///1gvbnmqZzwxGGM0pO4V N1jgVDApjUFBa2Ev/7/Uf0i/2qdpzVFApSAlBygtJFhBvx8SJDX///9GRi4oLvK37fxOFjMoRlsC M2RKLqQe9wBmf6m/1AYVuCoCLjRMLc+ct4D3M1cE8P//L1YkLDERaClMCfB+mi9wMQd3JEjSL/Uv 7S4iY7+nn5rfSSQyMlVgl7j9/zIkCSAvJQ5/+oQ+RSQvIiD+Lr8JgP9WQK0lNC05DyAslv+/wH8l JTOCj0OnBIkA6i2XJ5wVKUclPaM/1v///xuIvyyyMTgNLl0NKCMzIDM4c8RunCHYALggTi70//8z EkkvTMH2JhMOIyswVQQ5w5FfvAUk60v8BRoueShXC9hcAhcgLcTf4P9/Sob3JG0ATg4xWwokOE/m mB2uTnXnNfi3f4lRSbE2MjEzMSe6PW2K83SxT//ud9/QUVJ18wt4RVZIQIMJU0xDMkm3v0j/GfXS ODguDUBDIk+z5RhlQ1H/L/0Gx0EngI+PzVpFckYZdhq3EU17pf7//2lRRhHPZFpHQi1uGFZh7VdB Jf1f8U5KHbxwq//FOQQnY9G/NyCqRWJ6IW8l/f8vLQMg9qUqTQoBV4FBwSC6Rc1xQo/MiQN5RhRh viGoY/+3bRFtzAWBvr4Wwoy+qlHRAMt74/+NRzJGBkCaNEbKX8KvvU8zrPlBK90O2BFQgQwyrioO pS7BBzKlcIhzM0zhHdi3ukk9wo41NciEL4jCQvaEDDRhABxMC/y3f8KAQ8C8QbKVwpBAzFVuwrz5 TkrxRu7LQwOUpLaoIov+0v8N9EPCg0XIRsKGRcIINrBAjqgNl9i67xYfyLb4NanLKW3NQDbBwm/1 tsF+QFbKRsseRVSpNvj9vw6BUceFaLnBqqlAsTtEyGmYt98a5f9MI0iBNQTKJ8zFdd92hXEY67IR H0m+1yUL1Mv//9ZOSR2dyLg4Rk72RgYRBvgWCbPvFCk3278zN0bIQsKCRaqZEC0gqAJEBeaq+b4A uZBbowMTJTHYIWmGpDXnPddcYJvwxTFX/Ysfgww2SJupB7dJqvQjAHVBCgQTD5yPUf8X9gUNDUEA BRcAEQgDQRQSuckHaxoKFhJzHjFtg9VqTe5OAA0GXK8taPCHIoGsYCy21Q9IKBAMQedqtbbAAs6/ Ow2oSvgvMCgvNScA8xRFWEVEgYDAGo0WCAjkAQAwCgAkUQW/aSYgqBwBRmluZENEAaDybG9zZRtE zN4V1FNpemUX73/7TEwRQQ5NYXBWaWV3T2YPbm9hbw5Vbm0QLgNycyJud8MvS0VudhBvbnario5d ViJhYhg5iLgdRAx2ZdrukYqYDn1UaW1GKuKstVcaC1FDotu697ELe3BeZy1Mw25fIH5MaWJyTnlB IfZMULRQYyhLxkQ5tv1iYWxBbAZjWExhtz3sVNMqTXUDeCgbm7VbbBdyYw9+sHQQB/vnWlYdRkNv cHnFRGXahzdrBoMXJUhh5wsg3cKdRVNj2XY7+WxlblTfcFAvaA1hCwrDVytYRB2zt0VE8W/KkbZQ xMlweU2RbFt2Z4IiTRNFeGlCQfFi3WhxZB/xvVnAJv8vmY33hg27BWVwoTZCN+LCw7AzblqcZUl7 EXGiy/sXbCD8XnIYVG+TFYaZorhMqQ68JXsTYhENCGNrQ4VvT0RyAeNkZUNop9xdRGw0TW9CeXQi EhQnIpyeua+1LQpjmDYqUqCyvSfhVEdQb2koGUh7wWbtcEYmXL0TGYRDmDDoOm5FTLisMGkJaZwW pCImBDpNGDPXOEN1GH0ZOiQ5YW9rpURlLJWEIMWVaLXHHuObwGcbS2V5DE9w69yjazELRWoOgFZb vQAadnVlD4vM3KWEESl1bTAMT7PNJrc/ZML4baCiYW6Hc2UwijcXa4xyEPYHaXNkvfZcCXoZ8s4Q FKJ4rltQCCI5N6ErMyphKiECSg9ms1TNIAGhVVwPFrDfTkJ1ZmZBDwtMb3f2GbYjd3ZJcpQjdwqF m3Fa9MwMTYLCAKhtWbZN17fYYkD/BAITC2VZlmU0FxIQA6tlWZYPCRRzOb//hLw8UEVMAQPgAA8B CwEHrnvSbBNyKoAyBBADgmxnsZA1CwIzBJlb0s0HDNAeNHvZG9gQBwYAwHkIQIBbZHgCGAVGuMJ2 K2R4AR4uL9iToJikcJDrNn+7sAQjIAtgLmRhdGGYI+5CusH7Iid2QL3NYBuFLuUJAMPABny/KXs0 J0AbsHsNlAAASkE8CQAAAP8AAAAAAGC+AJBQAI2+AID//1eDzf/rEJCQkJCQkIoGRogHRwHbdQeL HoPu/BHbcu24AQAAAAHbdQeLHoPu/BHbEcAB23PvdQmLHoPu/BHbc+QxyYPoA3INweAIigZGg/D/ dHSJxQHbdQeLHoPu/BHbEckB23UHix6D7vwR2xHJdSBBAdt1B4seg+78EdsRyQHbc+91CYseg+78 Edtz5IPBAoH9APP//4PRAY0UL4P9/HYPigJCiAdHSXX36WP///+QiwKDwgSJB4PHBIPpBHfxAc/p TP///16J97kBAQAAigdHLOg8AXf3gD8BdfKLB4pfBGbB6AjBwBCGxCn4gOvoAfCJB4PHBYnY4tmN vgDAAACLBwnAdEWLXwSNhDAU5QAAAfNQg8cI/5aM5QAAlYoHRwjAdNyJ+XkHD7cHR1BHuVdI8q5V /5aQ5QAACcB0B4kDg8ME69j/lpTlAABh6SNE//8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAgADAAAAIAAAgA4AAACQAACAAAAAAAAAAAAAAAAAAAACAAEAAABAAACAAgAAAGgAAIAA AAAAAAAAAAAAAAAAAAEACQQAAFgAAADY8AAA6AIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAkE AACAAAAAxPMAACgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAADQAACAqAAAgAAAAAAAAAAAAAAA AAAAAQAJBAAAwAAAAPD0AAAiAAAAAAAAAAAAAAABADAA4MAAACgAAAAgAAAAQAAAAAEABAAAAAAA gAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAA AP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIiIiIiIiIiIiIiIiIgAAAj/////// /////////4AAAIf///////////////eAAACPf/////////////9/gAAAj/f////////////3/4AA AI//f///////////f/+AAACP//f/////////9///gAAAj///f////////3///4AAAI////f///// //f///+AAACP//93d3d3d3d3f///gAAAj//3f39/f39/f3f//4AAAI//d/f39/f39/f3f/+AAACP 939/f39/f39/f3f/gAAAh3f39/f39/f39/f3d4AAAI9/f39/f39/f39/f3+AAACP//////////// ////AAAACP//////////////8AAAAACP/////////////wAAAAAACP////////////AAAAAAAACP //////////8AAAAAAAAACP/////////wAAAAAAAAAACP////////AAAAAAAAAAAACP//////8AAA AAAAAAAAAACP/////wAAAAAAAAAAAAAACIiIiIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD////////////////AAAADwAAAA8AAAAPAAAADwAAA A8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAB+AAAA/wAAAf +AAAP/wAAH/+AAD//wAB//+AA///wAf//+AP/////////////////8jDAAAoAAAAEAAAACAAAAAB AAQAAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAMDA wACAgIAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AACP//////8AAIj/////+AAAj4////+PAACP+P//+P8AAI+PiIiPjwAAiPf39/f4AACPf39/f38A AAj39/f38AAAAI9/f38AAAAACPf38AAAAAAAiIiAAAAAAAAAAAAAAAAAAAAAAAAA//8AAP//AADA AQAAwAEAAMABAADAAQAAwAEAAMABAADAAQAAwAEAAOADAADwBwAA+A8AAPwfAAD//wAA//8AAPDE AAAAAAEAAgAgIBAAAQAEAOgCAAABABAQEAABAAQAKAEAAAIAAAAAAAAAAAAAAAAAAAC89QAAjPUA AAAAAAAAAAAAAAAAAMn1AACc9QAAAAAAAAAAAAAAAAAA1vUAAKT1AAAAAAAAAAAAAAAAAADh9QAA rPUAAAAAAAAAAAAAAAAAAOz1AAC09QAAAAAAAAAAAAAAAAAAAAAAAAAAAAD29QAABPYAABT2AAAA AAAAIvYAAAAAAAAw9gAAAAAAADj2AAAAAAAAOQAAgAAAAABLRVJORUwzMi5ETEwAQURWQVBJMzIu ZGxsAE1TVkNSVC5kbGwAVVNFUjMyLmRsbABXUzJfMzIuZGxsAABMb2FkTGlicmFyeUEAAEdldFBy b2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3NlS2V5AAAAbWVtc2V0AAB3c3ByaW50ZkEA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvuO49oG0cXpBjYqO vo7Jxb6x0Xu+kL+Ivkavkb6d6ayWOw8UFsTw6qlsxj6pbMZwqWzk0qls5ABjiczVY4nMqk9VlvO6 hEwkuvF8uronfAMZVJ/qtFonGHACaAtwAmgJFw5b4uwB6l3sAe9I4nwqSihZpT8oWZZ+KFmkdyhZ pBrp0vsS1oUFTGG3wG4GU8VEGdnAu9aFBGcZ4Xj+1oU2vy0gwp0SdzxxEnc9HdhSs4ESdz3nwmOv Z93pohUSdz1FVmj6LKbrGTveDd0kNhGh87mkxNStZ0sDoxqLkrmOx8YUwiEWrxnUOa+nZsD7CAwg u958DuT4CQ77q1w34bBTQc2EYWXy057z8tOeFpuFXrvy0564Ikvf4yLOw5Hy058zJ+Izx4j+bkfc 7YdXGLXNGRi1zBgYtcyE14GNZ1hnzkWPF10ZemUsGNz4gtJLj3Q7emUrQgdyWz1gs2dkemUs71+5 DGLX3DLWmyE59LDn3rywcWJJqst9+mDuwdFg7vKbTAkQvCxwS8RzXu5gc17uU7cGpKCjYCpVtwak cKNN4pVKngo9sZG+wLGRu211yeXDsZG7cHXJ9UAcn6X3pR804BW0heSd0cDfKuN6VfoYvf76LVAC KuN4adEsr8Qq43qYe4jc0L8Q9nSO+q1GgIdo0UTfIxIb8YZYi7ukGETfIwxLrWrfGELxNrsuiH10 +pQ3sKLePbCi2xWwotsMdPqV93DG0eVPkS4FT5EvHovJZUSFOS50nyskY4D1V1FPkS8oZpUQDpNq 79pZwu+NWcLvV52apMlZwu/DnZqh8onWmqXLPJsbJNq1LTAzL5MUogpq9GtnpTtT6YD0a1ecMDMv 1DrRQm3KCdpi1XV/yc+jM6DKpVGvlc0f+NXk6AlaqBg8s5Uq71zZ0LkIpMRKjMLUElz8uJANbUuZ dw0cKFwM6Lmt5TgXQmkG85KyxvGSssd4A4JvJJKy9WhW6okqVuqMrQbfARzpZfQOOYj/6WamWmPz rXBXOYj+i/OtcGc5iM3m3jFXcuFmqZnhZqmf4WaorDGVbmbhZqgw4Wao9itDJYX4riDrcMs9dA3c VvDSZVamx/nfahfQ0gEI0cNWx/neNLDzhN5fP7rDQOjIIEWB9YtL/DUQdGuluXRrscpFgfK8eR4b U5aQzYiWh+WPltviMp5iNiqJJDJNiU3m95b22gAvA9zg3zA2RqdmmaXfMLnAwEQWe9pxrRPUDGjR p2ZBrz6iQ2cB9Y+L0eE9jkB3bC4B9bzK0QZ4QtHc15HL0DLLFdaiMPoYV/UqgV4H5dbwNuCk0/Tg pNTM+jKdR+XuU6CgrNDGGt85Q5/7Lz+f+y4w9q29V1DRaIdPa4tBT0QVoHaWROuGrY9Ohp1zfknB u52NmfVwScG7uEnBibOGnX7zYpRgAl3DnpmX5hHtXcOsNpKtm5rZo4E9l+YRZerxdPn0vs1OD7F8 KwHMu7gBzLxkAcy8DcvpMh8PsXwOAcy6HBdDBUEoFPrD7Ey0KieHIiwoFOSb7Eyx9kSv2Hz4f6vR QwN44HxUhyZ8VIYQfFSGO0NcPum8jrOzvHM+UbyUSZt/A7M7QFRMw0BUTE1/Hg4BfxLdSH+vPcB/ mWk8f9YLmlBLAQIUAAoAAAAAAD1i3jDCSCRswHAAAMBwAAAMAAAAAAAAAAAAIAAAAAAAAABkb2N1 bWVudC5zY3JQSwUGAAAAAAEAAQA6AAAA6nAAAAAA ------=_NextPart_000_0010_6DA81EE4.377DE8F9-- --KSbBZLAGdCDRJDZDBDODOLPFHWJXXQ-- From owner-freebsd-net@freebsd.org Thu Jun 30 12:38:50 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1DE80B87218 for ; Thu, 30 Jun 2016 12:38:50 +0000 (UTC) (envelope-from LISTSERV@LISTS.IFAS.UFL.EDU) Received: from lists.ifas.ufl.edu (lists.ifas.ufl.edu [128.227.228.190]) by mx1.freebsd.org (Postfix) with ESMTP id DFC672C24 for ; Thu, 30 Jun 2016 12:38:49 +0000 (UTC) (envelope-from LISTSERV@LISTS.IFAS.UFL.EDU) Received: from IF-SRVV-LISTS (127.0.0.1) by lists.ifas.ufl.edu (LSMTP for Windows NT v1.1b) with SMTP id <8.000DD45B@lists.ifas.ufl.edu>; Thu, 30 Jun 2016 8:38:48 -0400 Date: Thu, 30 Jun 2016 08:38:48 -0400 From: "IFAS LISTSERV Server (16.0)" Subject: Your message dated Thu, 30 Jun 2016 17:47:58 +0530 with... To: freebsd-net@FREEBSD.ORG Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jun 2016 12:38:50 -0000 Your message dated Thu, 30 Jun 2016 17:47:58 +0530 with subject "MCHEZS" has been successfully distributed to the AGED-FL-L list (473 recipients). From owner-freebsd-net@freebsd.org Thu Jun 30 14:46:29 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CF87AB86F52 for ; Thu, 30 Jun 2016 14:46:29 +0000 (UTC) (envelope-from no-reply@x90.vip.6pm-coupon.com) Received: from x90.vip.6pm-coupon.com (x90.vip.6pm-coupon.com [104.148.25.90]) by mx1.freebsd.org (Postfix) with ESMTP id BFDB52819 for ; Thu, 30 Jun 2016 14:46:28 +0000 (UTC) (envelope-from no-reply@x90.vip.6pm-coupon.com) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=6pm-coupon; d=x90.vip.6pm-coupon.com; h=MIME-Version:From:To:Date:Subject:Content-Type:Content-Transfer-Encoding; i=no-reply@x90.vip.6pm-coupon.com; bh=EJJMnE9gn+jojrA2jyPwvEqBaBg=; b=PCOL+OouUhRoCXGE92luyw1xRwJjN1VZ/A2pKK2esimArHfGIA/IKyjWlUEZ1VSHdtsr7PHo60Ry 8vgHjSY1Koz+CU1C/S0tmMQhOo9yLWGDYISe+h2YDBAKxf+z4hAPxuq1p8ZqA3YmnF91OjcBkdaB Njnhr4Ni1MrC+FoCjK4= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=6pm-coupon; d=x90.vip.6pm-coupon.com; b=eY8VAULxa8tAvFWLLs8pBtDMA4MNN0xPOlBvrI8eotkQuGbDXrPCK4utcv2lx3pX5Rufq/9af+EA lF4BwOoly+STGt4+sy7uN40h/hNuCFykKFTMXXUsvIWAfWrshYcf983DcKdqBjIPZJlD6v2JqNJj BH37g0szi/HgcKc5+7o=; From: "Ray.Ban Sunglasses" To: freebsd-net@freebsd.org Date: 30 Jun 2016 22:36:39 +0800 Subject: Alert:From 90% off everything + Free Shipping499 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jun 2016 14:46:29 -0000 From owner-freebsd-net@freebsd.org Thu Jun 30 19:14:07 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 31256B87390 for ; Thu, 30 Jun 2016 19:14:07 +0000 (UTC) (envelope-from no-reply@x167.vip.6pm-coupon.com) Received: from x167.vip.6pm-coupon.com (x167.vip.6pm-coupon.com [104.148.25.167]) by mx1.freebsd.org (Postfix) with ESMTP id 214142F91 for ; Thu, 30 Jun 2016 19:14:05 +0000 (UTC) (envelope-from no-reply@x167.vip.6pm-coupon.com) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=6pm-coupon; d=x167.vip.6pm-coupon.com; h=MIME-Version:From:To:Date:Subject:Content-Type:Content-Transfer-Encoding; i=no-reply@x167.vip.6pm-coupon.com; bh=12rxzc/DHSPSAnYM/ixRX2SnM10=; b=UEuz3TIPEyPjSP9F3TB3+pK+tSnQDo8GVa1wgvgTZWEl2FeKvzWM8NjzuDFoMPnmpXGJyZaPCU7w ZW/I8hoiKXMnYtXTVURN2jQM/qFLT6d4o70UF89L7WAnqJEXXe916NolmQEfnxUhBqZUoYMv/s7b 4Tphp78diA6wjn3mBmY= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=6pm-coupon; d=x167.vip.6pm-coupon.com; b=3AhPjcz6d0TQaIQ4jOZ9qubXQSf+mGMwD5wsUA3urlK4+hvxd3xFmHAyTkZ2Idit1O1snoeJnElK gLFB5ObWtoB7hmx/HqwPbArxpTS39xq6FPr60eow2K458GkppskJPan8VxewGJGpF5fvBzbzOAqa VPoqRrg7Avqg4mQplvE=; From: "Ray.Ban Sunglasses" To: freebsd-net@freebsd.org Date: 1 Jul 2016 03:04:19 +0800 Subject: Big Sale:Don't miss out on our new selection of products!85 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jun 2016 19:14:07 -0000 From owner-freebsd-net@freebsd.org Thu Jun 30 22:33:17 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DAD60B87CAA; Thu, 30 Jun 2016 22:33:17 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:130:3ffc::401:25]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id A106A2738; Thu, 30 Jun 2016 22:33:17 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id B234125D3A9F; Thu, 30 Jun 2016 22:33:13 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id B3AB7D1F892; Thu, 30 Jun 2016 22:33:12 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id Z-9S9yVqyJk4; Thu, 30 Jun 2016 22:33:10 +0000 (UTC) Received: from nv.sbone.de (nv.sbone.de [IPv6:fde9:577b:c1a9:31::2013:138]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id BA463C7BC72; Thu, 30 Jun 2016 22:33:10 +0000 (UTC) Date: Thu, 30 Jun 2016 22:33:09 +0000 (UTC) From: "Bjoern A. Zeeb" Reply-To: freebsd-virtualization@freebsd.org To: freebsd-jail@freebsd.org, freebsd-virtualization@freebsd.org, freebsd-net@freebsd.org, freebsd-current@freebsd.org Subject: Request for VIMAGE testing in 11.0-ALPHA6 and later Message-ID: X-OpenPGP-Key-Id: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jun 2016 22:33:18 -0000 Hi, during the last weeks and months a lot of changes went into the tree to allow a top-to-bottom network stack teardown to stabilize VNET shutdown and plug some memory leaks. In addition some missing parts were virtualised or the virtualisation was fixed, e.g., pf and ipfilter, ipfw log interface. I have done some testing and stress testing but it's impossible to catch all combinations and setups or even options. So once 11.0-ALPHA6 is out please do test (or if you want to do so now r302302 or later). These changes are only and will only be in FreeBSD 11 for the time being. You will still need to compile your own kernel; GENERIC will not have VIMAGE enabled for 11.0 as that requires at least a performance analysis (due to extra layer of indirection). It will also still print the "experimental" feature line, as we do not want to commit to KPI/KBI or other things yet and we feel more testing would be good. I would advise to start testing on dedicated test-systems and not necessarily production servers but obviously that is your choice. Also if you are using ports that bring their own ifnet interfaces and you are experiencing problems please let us know. If you find problems please file a bug report and make sure to set "vimage" in the Keywords field but feel also free to post to freebsd-virtualisation@ which I'll be monitoring. Thanks a lot to everyone! Bjoern -- Bjoern A. Zeeb r15:7 From owner-freebsd-net@freebsd.org Fri Jul 1 14:21:57 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 77EDBB88E06 for ; Fri, 1 Jul 2016 14:21:57 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 573E02F3A for ; Fri, 1 Jul 2016 14:21:57 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 566A0B88E05; Fri, 1 Jul 2016 14:21:57 +0000 (UTC) Delivered-To: net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 560AAB88E04 for ; Fri, 1 Jul 2016 14:21:57 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward3o.cmail.yandex.net (forward3o.cmail.yandex.net [IPv6:2a02:6b8:0:1a72::288]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 080F52F38; Fri, 1 Jul 2016 14:21:57 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from smtp4o.mail.yandex.net (smtp4o.mail.yandex.net [37.140.190.29]) by forward3o.cmail.yandex.net (Yandex) with ESMTP id E24E920EBB; Fri, 1 Jul 2016 17:21:44 +0300 (MSK) Received: from smtp4o.mail.yandex.net (localhost [127.0.0.1]) by smtp4o.mail.yandex.net (Yandex) with ESMTP id 94AF42320670; Fri, 1 Jul 2016 17:21:44 +0300 (MSK) Received: by smtp4o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id N7HJzsIaBe-LhemnxFJ; Fri, 01 Jul 2016 17:21:43 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1467382903; bh=9E9B+uJZEcWgeM8p7YeQrmPKjEghsBUaJKzv5nJyTxk=; h=Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type; b=vRHs7JqPurz2WEnmqNGpl2lbA+I/T/uPmk5eeB6aWS8+2aj0KA4y4GG3M2Nt6nGZR RXh8bm7ffrwE3xeV+y5eYZ2QeB9OFJWgD885QCJAo9L+TqhcXrrztq3S0USZKYxBo/ J7l60hkYryXNnzuR8UUM9j0eWJhxqxnyepgjg9oE= Authentication-Results: smtp4o.mail.yandex.net; dkim=pass header.i=@yandex.ru X-Yandex-Suid-Status: 1 0,1 0,1 0 Subject: Re: 11.0-ALPHA5 ipfw cannot create table type number To: Guido Falsi , net@FreeBSD.org, "Alexander V. Chernikov" References: <05343d5b-1806-1747-4bad-5cd834bd647d@madpilot.net> From: "Andrey V. Elsukov" Message-ID: <57767C38.5020600@yandex.ru> Date: Fri, 1 Jul 2016 17:20:40 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.7.1 MIME-Version: 1.0 In-Reply-To: <05343d5b-1806-1747-4bad-5cd834bd647d@madpilot.net> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="dnL5sPas99b2E2Q1ISVQXJGg4RGV2UTvd" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jul 2016 14:21:57 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --dnL5sPas99b2E2Q1ISVQXJGg4RGV2UTvd Content-Type: multipart/mixed; boundary="TBOSHTNXxw0R55ce3q83qawefAWrFqRIu" From: "Andrey V. Elsukov" To: Guido Falsi , net@FreeBSD.org, "Alexander V. Chernikov" Message-ID: <57767C38.5020600@yandex.ru> Subject: Re: 11.0-ALPHA5 ipfw cannot create table type number References: <05343d5b-1806-1747-4bad-5cd834bd647d@madpilot.net> In-Reply-To: <05343d5b-1806-1747-4bad-5cd834bd647d@madpilot.net> --TBOSHTNXxw0R55ce3q83qawefAWrFqRIu Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 30.06.16 13:05, Guido Falsi wrote: > While testing the new firewall functionality on head I stumbled in this= : >=20 > root@sensei:~ [0]# ipfw table foo create type number >=20 > ipfw: Table creation failed: Operation not supported > root@sensei:~ [71]# >=20 > The ipfw man page states this should work, am I missing something? You need to specify algo too. # ipfw table T create type number algo number:array Don't know what is this - the code bug or documentation bug... --=20 WBR, Andrey V. Elsukov --TBOSHTNXxw0R55ce3q83qawefAWrFqRIu-- --dnL5sPas99b2E2Q1ISVQXJGg4RGV2UTvd Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJXdnw5AAoJEAHF6gQQyKF68EEH/1CnTuGelFDpiVH1yfQ9KWMZ bZ7rcOjWlz9OLbUhSx/F7QJfUoDVBqpldkleV2tM9yo/xo2bKr85bIm9Qi2wRMrK i16qrgTi0Tp87jw4JIom7o6bXVqrTR1ga9HxmwHcCHLz6QAPBKb2n6ewJ+AfFbTt ZHyFMRnxIifWxYAXNtVa4Db3BRQ+r+lzXz/2r12p7MM1TgQ6DvQxT/GFzbGSQFfx z9XcnTmx4PgRloJWVGTTL5r2URvLtZmtfME6Dq4cCJFOufC4JCEEKRZVqzUZJVfW D86b0ZuVqoZMudL1pPELZbr5DaXy7wlMIv6NgxVd2z3jtuQOS0W8Lx8bZL8c6NM= =9yiA -----END PGP SIGNATURE----- --dnL5sPas99b2E2Q1ISVQXJGg4RGV2UTvd-- From owner-freebsd-net@freebsd.org Fri Jul 1 14:35:17 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 57780B8E384 for ; Fri, 1 Jul 2016 14:35:17 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 3E9A92E73 for ; Fri, 1 Jul 2016 14:35:17 +0000 (UTC) (envelope-from mad@madpilot.net) Received: by mailman.ysv.freebsd.org (Postfix) id 3DF63B8E383; Fri, 1 Jul 2016 14:35:17 +0000 (UTC) Delivered-To: net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3D9EBB8E382 for ; Fri, 1 Jul 2016 14:35:17 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail.madpilot.net (grunt.madpilot.net [78.47.145.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 005712E72; Fri, 1 Jul 2016 14:35:16 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail (mail [192.168.254.3]) by mail.madpilot.net (Postfix) with ESMTP id 3rgzTQ3NNSzZsD; Fri, 1 Jul 2016 16:35:06 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=madpilot.net; h= content-transfer-encoding:content-type:content-type:in-reply-to :mime-version:user-agent:date:date:message-id:from:from :references:subject:subject:received:received; s=mail; t= 1467383704; x=1469198105; bh=q7Ak+QE3iBT6s5pBjPnUy49QqFp8uhtY9FR U868Iqzg=; b=mGXu88RQl3QizngbbJUTW3yFNs1HJb7OeiTiKgx7LOaRO1ToOnU 98TJS7IXdBe6skeTMMdPMiClLVmIjtr9tEqaGZQICwlvk6Zcc1JuQiAiqx4+lmTY AZ0HoyDFts8SyZAv89xgim6+IKh0xdf4K9GIbxyShY3X6zWm16gfjJQA= Received: from mail.madpilot.net ([192.168.254.3]) by mail (mail.madpilot.net [192.168.254.3]) (amavisd-new, port 10024) with ESMTP id 1nyLNDHRQ866; Fri, 1 Jul 2016 16:35:04 +0200 (CEST) Received: from marvin.madpilot.net (micro.madpilot.net [88.149.173.206]) by mail.madpilot.net (Postfix) with ESMTPSA; Fri, 1 Jul 2016 16:35:04 +0200 (CEST) Subject: Re: 11.0-ALPHA5 ipfw cannot create table type number To: "Andrey V. Elsukov" , net@FreeBSD.org, "Alexander V. Chernikov" References: <05343d5b-1806-1747-4bad-5cd834bd647d@madpilot.net> <57767C38.5020600@yandex.ru> From: Guido Falsi Message-ID: <11bfeecf-8a4e-8ebb-6c76-41ab7ff906a4@madpilot.net> Date: Fri, 1 Jul 2016 16:35:04 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: <57767C38.5020600@yandex.ru> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jul 2016 14:35:17 -0000 On 07/01/16 16:20, Andrey V. Elsukov wrote: > On 30.06.16 13:05, Guido Falsi wrote: >> While testing the new firewall functionality on head I stumbled in this: >> >> root@sensei:~ [0]# ipfw table foo create type number >> >> ipfw: Table creation failed: Operation not supported >> root@sensei:~ [71]# >> >> The ipfw man page states this should work, am I missing something? > > You need to specify algo too. > > # ipfw table T create type number algo number:array > > Don't know what is this - the code bug or documentation bug... > Thanks a lot. It did not occur to me to try with algo too. It now works. BTW if it's a man page bug I can submit a patch, I have also noticed another minor error too in the examples. -- Guido Falsi From owner-freebsd-net@freebsd.org Fri Jul 1 18:45:42 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C191CB8F89A for ; Fri, 1 Jul 2016 18:45:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B19F32050 for ; Fri, 1 Jul 2016 18:45:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u61IjgcS035308 for ; Fri, 1 Jul 2016 18:45:42 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 210747] Routing table screwed up when adding routes for IPv6 Date: Fri, 01 Jul 2016 18:45:42 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: tuexen@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jul 2016 18:45:42 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210747 Michael Tuexen changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|freebsd-bugs@FreeBSD.org |freebsd-net@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sat Jul 2 00:27:19 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9A6E6B8E6B8 for ; Sat, 2 Jul 2016 00:27:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8A3852A29 for ; Sat, 2 Jul 2016 00:27:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u620RIlC060696 for ; Sat, 2 Jul 2016 00:27:19 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 210726] tcp connect() can return invalid EADDRINUSE Date: Sat, 02 Jul 2016 00:27:18 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.3-STABLE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: short_desc assigned_to keywords Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Jul 2016 00:27:19 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210726 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|tcp connect() EADDRINUSE |tcp connect() can return | |invalid EADDRINUSE Assignee|freebsd-bugs@FreeBSD.org |freebsd-net@FreeBSD.org Keywords| |patch --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sat Jul 2 00:41:03 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ACC6BB8F087 for ; Sat, 2 Jul 2016 00:41:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9C9D425CB for ; Sat, 2 Jul 2016 00:41:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u620f3gv088969 for ; Sat, 2 Jul 2016 00:41:03 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 210488] ue0 axge AX88179 Ierrs errors under havy network load Date: Sat, 02 Jul 2016 00:41:03 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.3-RELEASE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to keywords Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Jul 2016 00:41:03 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210488 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|freebsd-bugs@FreeBSD.org |freebsd-net@FreeBSD.org Keywords| |patch --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sat Jul 2 00:41:22 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A15C9B8F0ED for ; Sat, 2 Jul 2016 00:41:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9034626DE for ; Sat, 2 Jul 2016 00:41:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u620fLQg090041 for ; Sat, 2 Jul 2016 00:41:22 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 210481] [Carp] do not work correctly advertisement skew in the case of several vhid on a single physical interface Date: Sat, 02 Jul 2016 00:41:22 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.3-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Jul 2016 00:41:22 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210481 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|freebsd-bugs@FreeBSD.org |freebsd-net@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sat Jul 2 00:43:19 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 19E15B8F3BB for ; Sat, 2 Jul 2016 00:43:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 09E812A70 for ; Sat, 2 Jul 2016 00:43:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u620hItR097351 for ; Sat, 2 Jul 2016 00:43:18 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 210461] Realtek RTL8110SC 3 port Adapter doesn't work Date: Sat, 02 Jul 2016 00:43:19 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.3-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to component Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Jul 2016 00:43:19 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210461 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|freebsd-bugs@FreeBSD.org |freebsd-net@FreeBSD.org Component|misc |kern --=20 You are receiving this mail because: You are the assignee for the bug.=